csaf_redhat - rhba-2010

rhba-2010_0266

Vulnerability from csaf_redhat

Published

2010-03-30 00:00

Modified

2024-11-22 03:11

Summary

Red Hat Bug Fix Advisory: cman bug fix and enhancement update

Notes

Topic

Updated cman packages that fix bugs and add enhancements are now available.

Details

The Cluster Manager (cman) utility provides user-level services for managing a Linux cluster. Changes in this update: * fence_rsa fails to login with new RSA II firmware. (BZ#549473) * fence_virsh reports vm status incorrectly. (BZ#544664) * improve error messages from ccsd if there is a network problem. (BZ#517399) * new fence agent for VMWare. (BZ#548577) Note: this is a Tech Preview only. * fence agent for HP iLO2 MP. (BZ#508722) * fence agent for RSB ends with traceback. (BZ#545054) * security feature for SNMP based agent: apc_snmp & ibmblade. (BZ#532922) * change default timeout values for various fence agents. (BZ#549124) * "Option -V" (show version) was not working in all fence agents. (BZ#549113) * automatically configure consensus based on token timeout. (BZ#544482) * add readconfig & dumpconfig to fence_tool. (BZ#514662) * make groupd handle partition merges. (BZ#546082) * groupd: clean up leaving failed node. (BZ#521817) * scsi_reserve should always echo after failure. (BZ#514260) * fence_scsi_test: add debug information. (BZ#516763) * fence_scsi_test should not allow -c & -s options together. (BZ#528832) * fix fence_ipmilan read from unitialized memory. (BZ#532138) * make qdiskd stop crying wolf. (BZ#532773) * fencing failed when used without telnet or ssh. (BZ#512343) * APC changed product name (MasterSwitch -> Switched Rack PDU). (BZ#447481) * fix invalid initalization introduced by retry-on option. * broken device detection for DRAC3 ERA/O. (BZ#489809) * fix case sensitivities in action parameter. (BZ#528938) * fencing_snmp failed on all operations & traceback fix. (BZ#528916) * accept unknown options from standard input. (BZ#532920) * fence_apc unable to obtain plug status. (BZ#532916) * timeout options added. (BZ#507514) * better default timeout for bladecenter. (BZ#526806) * the LOGIN_TIMEOUT value was too short for fence_lpar & the SSH login timed out before the connection could be completed. (BZ#546340) * add missing-as-off option (missing blade/device is always OFF). (BZ#248006) * make qdiskd "master-wins" node work. (BZ#372901) * make qdisk self-fence system if write errors take longer than interval*tko. (BZ#511113) * make service_cman.lcrso executable, so RPM adds it to the debuginfo pkg. (BZ#511346) * don't check for xm command in cman init script: virsh is more appropriate. (BZ#516111) * allow re-registering of a quorum device. (BZ#525270) * fix fence_scsi, multipath & persistent reservations. (BZ#516625) * cman_tool leave remove reduces quorum when no services are connected. (BZ#515446) * fence_sanbox2 unable to retrieve status. (BZ#512947) * gfs_controld: GETLK should free unused resource. (BZ#513285) * allow IP addresses as node names. (BZ#504158) * fence_scsi man page contains invalid option. (BZ#515731) * fence_scsi support for 2 node clusters. (BZ#516085) * Support for power cycle in fence ipmi. (BZ#482913) * add option 'list devices' for fencing agents. (BZ#519697) * add support for switching IPv4/IPv6. (BZ#520458) * fence agent ends with traceback if option is missing. (BZ#508262) * command line options to override default ports for different services, such as SSH & Telnet (i.e. -u option) were added. (BZ#506928) Note: "-u" does not currently work with fence_wti. Other agents honor the port override command line options properly, however. (BZ#506928) * force stdout close for fencing agents. (BZ#518622) * support for long options. (BZ#519670) * fix a situation where cman could kill the wrong nodes. (BZ#513260) * fix support for >100 gfs & gfs2 file systems. (BZ#561892) * fix a problem where 'dm suspend' would hang a withdrawn GFS file system. (BZ#570530) * fix a problem where fence_snmp returned success when the operation failed. (BZ#573834) * fencing support for the new iDRAC interface included with Dell PowerEdge R710 & R910 blade servers was added. (BZ#496748) All cman users should install this update which makes these changes.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated cman packages that fix bugs and add enhancements are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Cluster Manager (cman) utility provides user-level services for\nmanaging a Linux cluster.\n\nChanges in this update:\n\n* fence_rsa fails to login with new RSA II firmware. (BZ#549473)\n\n* fence_virsh reports vm status incorrectly. (BZ#544664)\n\n* improve error messages from ccsd if there is a network problem.\n(BZ#517399)\n\n* new fence agent for VMWare. (BZ#548577)\n\nNote: this is a Tech Preview only.\n\n* fence agent for HP iLO2 MP. (BZ#508722)\n\n* fence agent for RSB ends with traceback. (BZ#545054)\n\n* security feature for SNMP based agent: apc_snmp \u0026 ibmblade. (BZ#532922)\n\n* change default timeout values for various fence agents. (BZ#549124)\n\n* \"Option -V\" (show version) was not working in all fence agents.\n(BZ#549113)\n\n* automatically configure consensus based on token timeout. (BZ#544482)\n\n* add readconfig \u0026 dumpconfig to fence_tool. (BZ#514662)\n\n* make groupd handle partition merges. (BZ#546082)\n\n* groupd: clean up leaving failed node. (BZ#521817)\n\n* scsi_reserve should always echo after failure. (BZ#514260)\n\n* fence_scsi_test: add debug information. (BZ#516763)\n\n* fence_scsi_test should not allow -c \u0026 -s options together. (BZ#528832)\n\n* fix fence_ipmilan read from unitialized memory. (BZ#532138)\n\n* make qdiskd stop crying wolf. (BZ#532773)\n\n* fencing failed when used without telnet or ssh. (BZ#512343)\n\n* APC changed product name (MasterSwitch -\u003e Switched Rack PDU). (BZ#447481)\n\n* fix invalid initalization introduced by retry-on option.\n\n* broken device detection for DRAC3 ERA/O. (BZ#489809)\n\n* fix case sensitivities in action parameter. (BZ#528938)\n\n* fencing_snmp failed on all operations \u0026 traceback fix. (BZ#528916)\n\n* accept unknown options from standard input. (BZ#532920)\n\n* fence_apc unable to obtain plug status. (BZ#532916)\n\n* timeout options added. (BZ#507514)\n\n* better default timeout for bladecenter. (BZ#526806)\n\n* the LOGIN_TIMEOUT value was too short for fence_lpar \u0026 the SSH login\ntimed out before the connection could be completed. (BZ#546340)\n\n* add missing-as-off option (missing blade/device is always OFF).\n(BZ#248006)\n\n* make qdiskd \"master-wins\" node work. (BZ#372901)\n\n* make qdisk self-fence system if write errors take longer than\ninterval*tko. (BZ#511113)\n\n* make service_cman.lcrso executable, so RPM adds it to the debuginfo pkg.\n(BZ#511346)\n\n* don\u0027t check for xm command in cman init script: virsh is more\nappropriate. (BZ#516111)\n\n* allow re-registering of a quorum device. (BZ#525270)\n\n* fix fence_scsi, multipath \u0026 persistent reservations. (BZ#516625)\n\n* cman_tool leave remove reduces quorum when no services are connected.\n(BZ#515446)\n\n* fence_sanbox2 unable to retrieve status. (BZ#512947)\n\n* gfs_controld: GETLK should free unused resource. (BZ#513285)\n\n* allow IP addresses as node names. (BZ#504158)\n\n* fence_scsi man page contains invalid option. (BZ#515731)\n\n* fence_scsi support for 2 node clusters. (BZ#516085)\n\n* Support for power cycle in fence ipmi. (BZ#482913)\n\n* add option \u0027list devices\u0027 for fencing agents. (BZ#519697)\n\n* add support for switching IPv4/IPv6. (BZ#520458)\n\n* fence agent ends with traceback if option is missing. (BZ#508262)\n\n* command line options to override default ports for different services,\nsuch as SSH \u0026 Telnet (i.e. -u option) were added. (BZ#506928)\n\nNote: \"-u\" does not currently work with fence_wti. Other agents honor the\nport override command line options properly, however. (BZ#506928)\n\n* force stdout close for fencing agents. (BZ#518622)\n\n* support for long options. (BZ#519670)\n\n* fix a situation where cman could kill the wrong nodes. (BZ#513260)\n\n* fix support for \u003e100 gfs \u0026 gfs2 file systems. (BZ#561892)\n\n* fix a problem where \u0027dm suspend\u0027 would hang a withdrawn GFS file system.\n(BZ#570530)\n\n* fix a problem where fence_snmp returned success when the operation\nfailed. (BZ#573834)\n\n* fencing support for the new iDRAC interface included with Dell PowerEdge\nR710 \u0026 R910 blade servers was added. (BZ#496748)\n\nAll cman users should install this update which makes these changes.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2010:0266",
        "url": "https://access.redhat.com/errata/RHBA-2010:0266"
      },
      {
        "category": "external",
        "summary": "248006",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=248006"
      },
      {
        "category": "external",
        "summary": "372901",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=372901"
      },
      {
        "category": "external",
        "summary": "447481",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=447481"
      },
      {
        "category": "external",
        "summary": "482913",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=482913"
      },
      {
        "category": "external",
        "summary": "489809",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489809"
      },
      {
        "category": "external",
        "summary": "496748",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496748"
      },
      {
        "category": "external",
        "summary": "504158",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504158"
      },
      {
        "category": "external",
        "summary": "506928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=506928"
      },
      {
        "category": "external",
        "summary": "507514",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507514"
      },
      {
        "category": "external",
        "summary": "508262",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=508262"
      },
      {
        "category": "external",
        "summary": "508722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=508722"
      },
      {
        "category": "external",
        "summary": "511113",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511113"
      },
      {
        "category": "external",
        "summary": "511346",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511346"
      },
      {
        "category": "external",
        "summary": "512343",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512343"
      },
      {
        "category": "external",
        "summary": "512947",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512947"
      },
      {
        "category": "external",
        "summary": "513260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513260"
      },
      {
        "category": "external",
        "summary": "513285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513285"
      },
      {
        "category": "external",
        "summary": "514260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514260"
      },
      {
        "category": "external",
        "summary": "515446",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515446"
      },
      {
        "category": "external",
        "summary": "515731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515731"
      },
      {
        "category": "external",
        "summary": "516085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516085"
      },
      {
        "category": "external",
        "summary": "516111",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516111"
      },
      {
        "category": "external",
        "summary": "516763",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516763"
      },
      {
        "category": "external",
        "summary": "517399",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=517399"
      },
      {
        "category": "external",
        "summary": "518622",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518622"
      },
      {
        "category": "external",
        "summary": "519670",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519670"
      },
      {
        "category": "external",
        "summary": "519697",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519697"
      },
      {
        "category": "external",
        "summary": "520458",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520458"
      },
      {
        "category": "external",
        "summary": "521817",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521817"
      },
      {
        "category": "external",
        "summary": "528832",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=528832"
      },
      {
        "category": "external",
        "summary": "528938",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=528938"
      },
      {
        "category": "external",
        "summary": "532138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532138"
      },
      {
        "category": "external",
        "summary": "532773",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532773"
      },
      {
        "category": "external",
        "summary": "532916",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532916"
      },
      {
        "category": "external",
        "summary": "532920",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532920"
      },
      {
        "category": "external",
        "summary": "532922",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532922"
      },
      {
        "category": "external",
        "summary": "544482",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544482"
      },
      {
        "category": "external",
        "summary": "544664",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544664"
      },
      {
        "category": "external",
        "summary": "545054",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545054"
      },
      {
        "category": "external",
        "summary": "546082",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546082"
      },
      {
        "category": "external",
        "summary": "546340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546340"
      },
      {
        "category": "external",
        "summary": "548577",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=548577"
      },
      {
        "category": "external",
        "summary": "549113",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=549113"
      },
      {
        "category": "external",
        "summary": "549473",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=549473"
      },
      {
        "category": "external",
        "summary": "570530",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570530"
      },
      {
        "category": "external",
        "summary": "573834",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=573834"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhba-2010_0266.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: cman bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T03:11:46+00:00",
      "generator": {
        "date": "2024-11-22T03:11:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHBA-2010:0266",
      "initial_release_date": "2010-03-30T00:00:00+00:00",
      "revision_history": [
        {
          "date": "2010-03-30T00:00:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-03-29T08:54:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:11:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                  "product_id": "5Client-Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cman-devel-0:2.0.115-34.el5.x86_64",
                "product": {
                  "name": "cman-devel-0:2.0.115-34.el5.x86_64",
                  "product_id": "cman-devel-0:2.0.115-34.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-devel@2.0.115-34.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cman-0:2.0.115-34.el5.x86_64",
                "product": {
                  "name": "cman-0:2.0.115-34.el5.x86_64",
                  "product_id": "cman-0:2.0.115-34.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman@2.0.115-34.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cman-debuginfo-0:2.0.115-34.el5.x86_64",
                "product": {
                  "name": "cman-debuginfo-0:2.0.115-34.el5.x86_64",
                  "product_id": "cman-debuginfo-0:2.0.115-34.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-debuginfo@2.0.115-34.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cman-devel-0:2.0.115-34.el5.i386",
                "product": {
                  "name": "cman-devel-0:2.0.115-34.el5.i386",
                  "product_id": "cman-devel-0:2.0.115-34.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-devel@2.0.115-34.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cman-debuginfo-0:2.0.115-34.el5.i386",
                "product": {
                  "name": "cman-debuginfo-0:2.0.115-34.el5.i386",
                  "product_id": "cman-debuginfo-0:2.0.115-34.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-debuginfo@2.0.115-34.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cman-0:2.0.115-34.el5.i386",
                "product": {
                  "name": "cman-0:2.0.115-34.el5.i386",
                  "product_id": "cman-0:2.0.115-34.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman@2.0.115-34.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cman-0:2.0.115-34.el5.src",
                "product": {
                  "name": "cman-0:2.0.115-34.el5.src",
                  "product_id": "cman-0:2.0.115-34.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman@2.0.115-34.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cman-devel-0:2.0.115-34.el5.ia64",
                "product": {
                  "name": "cman-devel-0:2.0.115-34.el5.ia64",
                  "product_id": "cman-devel-0:2.0.115-34.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-devel@2.0.115-34.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cman-0:2.0.115-34.el5.ia64",
                "product": {
                  "name": "cman-0:2.0.115-34.el5.ia64",
                  "product_id": "cman-0:2.0.115-34.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman@2.0.115-34.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cman-debuginfo-0:2.0.115-34.el5.ia64",
                "product": {
                  "name": "cman-debuginfo-0:2.0.115-34.el5.ia64",
                  "product_id": "cman-debuginfo-0:2.0.115-34.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-debuginfo@2.0.115-34.el5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cman-devel-0:2.0.115-34.el5.ppc64",
                "product": {
                  "name": "cman-devel-0:2.0.115-34.el5.ppc64",
                  "product_id": "cman-devel-0:2.0.115-34.el5.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-devel@2.0.115-34.el5?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cman-debuginfo-0:2.0.115-34.el5.ppc64",
                "product": {
                  "name": "cman-debuginfo-0:2.0.115-34.el5.ppc64",
                  "product_id": "cman-debuginfo-0:2.0.115-34.el5.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-debuginfo@2.0.115-34.el5?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cman-devel-0:2.0.115-34.el5.ppc",
                "product": {
                  "name": "cman-devel-0:2.0.115-34.el5.ppc",
                  "product_id": "cman-devel-0:2.0.115-34.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-devel@2.0.115-34.el5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cman-0:2.0.115-34.el5.ppc",
                "product": {
                  "name": "cman-0:2.0.115-34.el5.ppc",
                  "product_id": "cman-0:2.0.115-34.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman@2.0.115-34.el5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cman-debuginfo-0:2.0.115-34.el5.ppc",
                "product": {
                  "name": "cman-debuginfo-0:2.0.115-34.el5.ppc",
                  "product_id": "cman-debuginfo-0:2.0.115-34.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cman-debuginfo@2.0.115-34.el5?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-0:2.0.115-34.el5.i386"
        },
        "product_reference": "cman-0:2.0.115-34.el5.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-0:2.0.115-34.el5.ia64"
        },
        "product_reference": "cman-0:2.0.115-34.el5.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-0:2.0.115-34.el5.ppc"
        },
        "product_reference": "cman-0:2.0.115-34.el5.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-0:2.0.115-34.el5.src"
        },
        "product_reference": "cman-0:2.0.115-34.el5.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-0:2.0.115-34.el5.x86_64"
        },
        "product_reference": "cman-0:2.0.115-34.el5.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.i386"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ia64"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ppc"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ppc64"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.ppc64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.x86_64"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-devel-0:2.0.115-34.el5.i386"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ia64"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ppc"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ppc64"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.ppc64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:cman-devel-0:2.0.115-34.el5.x86_64"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-0:2.0.115-34.el5.i386"
        },
        "product_reference": "cman-0:2.0.115-34.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-0:2.0.115-34.el5.ia64"
        },
        "product_reference": "cman-0:2.0.115-34.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-0:2.0.115-34.el5.ppc"
        },
        "product_reference": "cman-0:2.0.115-34.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-0:2.0.115-34.el5.src"
        },
        "product_reference": "cman-0:2.0.115-34.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-0:2.0.115-34.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-0:2.0.115-34.el5.x86_64"
        },
        "product_reference": "cman-0:2.0.115-34.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-debuginfo-0:2.0.115-34.el5.i386"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-debuginfo-0:2.0.115-34.el5.ia64"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-debuginfo-0:2.0.115-34.el5.ppc"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-debuginfo-0:2.0.115-34.el5.ppc64"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-debuginfo-0:2.0.115-34.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-debuginfo-0:2.0.115-34.el5.x86_64"
        },
        "product_reference": "cman-debuginfo-0:2.0.115-34.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-devel-0:2.0.115-34.el5.i386"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-devel-0:2.0.115-34.el5.ia64"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-devel-0:2.0.115-34.el5.ppc"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-devel-0:2.0.115-34.el5.ppc64"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cman-devel-0:2.0.115-34.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:cman-devel-0:2.0.115-34.el5.x86_64"
        },
        "product_reference": "cman-devel-0:2.0.115-34.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-4192",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2008-08-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "460476"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cman/fence: insecure temporary file usage in the egenera fence agent",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:cman-0:2.0.115-34.el5.i386",
          "5Client-Workstation:cman-0:2.0.115-34.el5.ia64",
          "5Client-Workstation:cman-0:2.0.115-34.el5.ppc",
          "5Client-Workstation:cman-0:2.0.115-34.el5.src",
          "5Client-Workstation:cman-0:2.0.115-34.el5.x86_64",
          "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.i386",
          "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ia64",
          "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ppc",
          "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ppc64",
          "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.x86_64",
          "5Client-Workstation:cman-devel-0:2.0.115-34.el5.i386",
          "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ia64",
          "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ppc",
          "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ppc64",
          "5Client-Workstation:cman-devel-0:2.0.115-34.el5.x86_64",
          "5Server:cman-0:2.0.115-34.el5.i386",
          "5Server:cman-0:2.0.115-34.el5.ia64",
          "5Server:cman-0:2.0.115-34.el5.ppc",
          "5Server:cman-0:2.0.115-34.el5.src",
          "5Server:cman-0:2.0.115-34.el5.x86_64",
          "5Server:cman-debuginfo-0:2.0.115-34.el5.i386",
          "5Server:cman-debuginfo-0:2.0.115-34.el5.ia64",
          "5Server:cman-debuginfo-0:2.0.115-34.el5.ppc",
          "5Server:cman-debuginfo-0:2.0.115-34.el5.ppc64",
          "5Server:cman-debuginfo-0:2.0.115-34.el5.x86_64",
          "5Server:cman-devel-0:2.0.115-34.el5.i386",
          "5Server:cman-devel-0:2.0.115-34.el5.ia64",
          "5Server:cman-devel-0:2.0.115-34.el5.ppc",
          "5Server:cman-devel-0:2.0.115-34.el5.ppc64",
          "5Server:cman-devel-0:2.0.115-34.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4192"
        },
        {
          "category": "external",
          "summary": "RHBZ#460476",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460476"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4192"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4192",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4192"
        }
      ],
      "release_date": "2008-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-03-30T00:00:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:cman-0:2.0.115-34.el5.i386",
            "5Client-Workstation:cman-0:2.0.115-34.el5.ia64",
            "5Client-Workstation:cman-0:2.0.115-34.el5.ppc",
            "5Client-Workstation:cman-0:2.0.115-34.el5.src",
            "5Client-Workstation:cman-0:2.0.115-34.el5.x86_64",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.i386",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ia64",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ppc",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ppc64",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.x86_64",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.i386",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ia64",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ppc",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ppc64",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.x86_64",
            "5Server:cman-0:2.0.115-34.el5.i386",
            "5Server:cman-0:2.0.115-34.el5.ia64",
            "5Server:cman-0:2.0.115-34.el5.ppc",
            "5Server:cman-0:2.0.115-34.el5.src",
            "5Server:cman-0:2.0.115-34.el5.x86_64",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.i386",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.ia64",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.ppc",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.ppc64",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.x86_64",
            "5Server:cman-devel-0:2.0.115-34.el5.i386",
            "5Server:cman-devel-0:2.0.115-34.el5.ia64",
            "5Server:cman-devel-0:2.0.115-34.el5.ppc",
            "5Server:cman-devel-0:2.0.115-34.el5.ppc64",
            "5Server:cman-devel-0:2.0.115-34.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2010:0266"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.2,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client-Workstation:cman-0:2.0.115-34.el5.i386",
            "5Client-Workstation:cman-0:2.0.115-34.el5.ia64",
            "5Client-Workstation:cman-0:2.0.115-34.el5.ppc",
            "5Client-Workstation:cman-0:2.0.115-34.el5.src",
            "5Client-Workstation:cman-0:2.0.115-34.el5.x86_64",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.i386",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ia64",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ppc",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.ppc64",
            "5Client-Workstation:cman-debuginfo-0:2.0.115-34.el5.x86_64",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.i386",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ia64",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ppc",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.ppc64",
            "5Client-Workstation:cman-devel-0:2.0.115-34.el5.x86_64",
            "5Server:cman-0:2.0.115-34.el5.i386",
            "5Server:cman-0:2.0.115-34.el5.ia64",
            "5Server:cman-0:2.0.115-34.el5.ppc",
            "5Server:cman-0:2.0.115-34.el5.src",
            "5Server:cman-0:2.0.115-34.el5.x86_64",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.i386",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.ia64",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.ppc",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.ppc64",
            "5Server:cman-debuginfo-0:2.0.115-34.el5.x86_64",
            "5Server:cman-devel-0:2.0.115-34.el5.i386",
            "5Server:cman-devel-0:2.0.115-34.el5.ia64",
            "5Server:cman-devel-0:2.0.115-34.el5.ppc",
            "5Server:cman-devel-0:2.0.115-34.el5.ppc64",
            "5Server:cman-devel-0:2.0.115-34.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "cman/fence: insecure temporary file usage in the egenera fence agent"
    }
  ]
}

cve-2008-4192

Vulnerability from cvelistv5

Published

2008-09-29 17:00

Modified

2024-08-07 10:08

Severity ?

Summary

The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/30898	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/32390	third-party-advisory, x_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2008/10/30/2	mailing-list, x_refsource_MLIST
	http://dev.gentoo.org/~rbu/security/debiantemp/cman	x_refsource_CONFIRM
	http://secunia.com/advisories/32387	third-party-advisory, x_refsource_SECUNIA
	https://bugs.gentoo.org/show_bug.cgi?id=235770	x_refsource_CONFIRM
	http://secunia.com/advisories/31887	third-party-advisory, x_refsource_SECUNIA
	http://uvw.ru/report.lenny.txt	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/44845	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2011/0419	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/USN-875-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=460476	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2008/09/18/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2008/09/24/2	mailing-list, x_refsource_MLIST
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/43362	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0266.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:08:34.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30898"
          },
          {
            "name": "32390",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32390"
          },
          {
            "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.gentoo.org/~rbu/security/debiantemp/cman"
          },
          {
            "name": "32387",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32387"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
          },
          {
            "name": "31887",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31887"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://uvw.ru/report.lenny.txt"
          },
          {
            "name": "cman-fenceegenera-symlink(44845)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44845"
          },
          {
            "name": "ADV-2011-0419",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0419"
          },
          {
            "name": "USN-875-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-875-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460476"
          },
          {
            "name": "[oss-security] 20080918 CVE Request (openswan, emacspeak, cman)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/18/3"
          },
          {
            "name": "[oss-security] 20080923 Re: CVE Request (openswan, emacspeak, cman)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/24/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410"
          },
          {
            "name": "FEDORA-2008-9042",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html"
          },
          {
            "name": "43362",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43362"
          },
          {
            "name": "RHSA-2011:0266",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0266.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30898"
        },
        {
          "name": "32390",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32390"
        },
        {
          "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.gentoo.org/~rbu/security/debiantemp/cman"
        },
        {
          "name": "32387",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32387"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
        },
        {
          "name": "31887",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31887"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://uvw.ru/report.lenny.txt"
        },
        {
          "name": "cman-fenceegenera-symlink(44845)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44845"
        },
        {
          "name": "ADV-2011-0419",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0419"
        },
        {
          "name": "USN-875-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-875-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460476"
        },
        {
          "name": "[oss-security] 20080918 CVE Request (openswan, emacspeak, cman)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/18/3"
        },
        {
          "name": "[oss-security] 20080923 Re: CVE Request (openswan, emacspeak, cman)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/24/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410"
        },
        {
          "name": "FEDORA-2008-9042",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html"
        },
        {
          "name": "43362",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43362"
        },
        {
          "name": "RHSA-2011:0266",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0266.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4192",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30898",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30898"
            },
            {
              "name": "32390",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32390"
            },
            {
              "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
            },
            {
              "name": "http://dev.gentoo.org/~rbu/security/debiantemp/cman",
              "refsource": "CONFIRM",
              "url": "http://dev.gentoo.org/~rbu/security/debiantemp/cman"
            },
            {
              "name": "32387",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32387"
            },
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
              "refsource": "CONFIRM",
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
            },
            {
              "name": "31887",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31887"
            },
            {
              "name": "http://uvw.ru/report.lenny.txt",
              "refsource": "MISC",
              "url": "http://uvw.ru/report.lenny.txt"
            },
            {
              "name": "cman-fenceegenera-symlink(44845)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44845"
            },
            {
              "name": "ADV-2011-0419",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0419"
            },
            {
              "name": "USN-875-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-875-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=460476",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460476"
            },
            {
              "name": "[oss-security] 20080918 CVE Request (openswan, emacspeak, cman)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/09/18/3"
            },
            {
              "name": "[oss-security] 20080923 Re: CVE Request (openswan, emacspeak, cman)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/09/24/2"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410"
            },
            {
              "name": "FEDORA-2008-9042",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html"
            },
            {
              "name": "43362",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43362"
            },
            {
              "name": "RHSA-2011:0266",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0266.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4192",
    "datePublished": "2008-09-29T17:00:00",
    "dateReserved": "2008-09-23T00:00:00",
    "dateUpdated": "2024-08-07T10:08:34.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted