rhsa-2011_0264
Vulnerability from csaf_redhat
Published
2011-02-16 15:02
Modified
2024-11-14 10:50
Summary
Red Hat Security Advisory: rgmanager security and bug fix update
Notes
Topic
An updated rgmanager package that fixes multiple security issues and
several bugs is now available for Red Hat Cluster Suite 4.
The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The rgmanager package contains the Red Hat Resource Group Manager, which
provides high availability for critical server applications.
Multiple insecure temporary file use flaws were discovered in rgmanager and
various resource scripts run by rgmanager. A local attacker could use these
flaws to overwrite an arbitrary file writable by the rgmanager process
(i.e. user root) with the output of rgmanager or a resource agent via a
symbolic link attack. (CVE-2008-6552)
It was discovered that certain resource agent scripts set the
LD_LIBRARY_PATH environment variable to an insecure value containing empty
path elements. A local user able to trick a user running those scripts to
run them while working from an attacker-writable directory could use this
flaw to escalate their privileges via a specially-crafted dynamic library.
(CVE-2010-3389)
Red Hat would like to thank Raphael Geissert for reporting the
CVE-2010-3389 issue.
This update also fixes the following bugs:
* Previously, starting threads could incorrectly include a reference to an
exited thread if that thread exited when rgmanager received a request
to start a new thread. Due to this issue, the new thread did not retry and
entered an infinite loop. This update ensures that new threads do not
reference old threads. Now, new threads no longer enter an infinite loop
in which the rgmanager enables and disables services without failing
gracefully. (BZ#502872)
* Previously, nfsclient.sh left temporary nfsclient-status-cache-$$ files
in /tmp/. (BZ#506152)
* Previously, the function local_node_name in
/resources/utils/member_util.sh did not correctly check whether magma_tool
failed. Due to this issue, empty strings could be returned. This update
checks the input and rejects empty strings. (BZ#516758)
* Previously, the file system agent could kill a process when an
application used a mount point with a similar name to a mount point managed
by rgmanager using force_unmount. With this update, the file system agent
kills only the processes that access the mount point managed by rgmanager.
(BZ#555901)
* Previously, simultaneous execution of "lvchange --deltag" from
/etc/init.d/rgmanager caused a checksum error on High Availability Logical
Volume Manager (HA-LVM). With this update, ownership of LVM tags is checked
before removing them. (BZ#559582)
* Previously, the isAlive check could fail if two nodes used the same file
name. With this update, the isAlive function prevents two nodes from using
the same file name. (BZ#469815)
* Previously, the S/Lang code could lead to unwanted S/Lang stack leaks
during event processing. (BZ#507430)
All users of rgmanager are advised to upgrade to this updated package,
which corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated rgmanager package that fixes multiple security issues and\nseveral bugs is now available for Red Hat Cluster Suite 4.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rgmanager package contains the Red Hat Resource Group Manager, which\nprovides high availability for critical server applications.\n\nMultiple insecure temporary file use flaws were discovered in rgmanager and\nvarious resource scripts run by rgmanager. A local attacker could use these\nflaws to overwrite an arbitrary file writable by the rgmanager process\n(i.e. user root) with the output of rgmanager or a resource agent via a\nsymbolic link attack. (CVE-2008-6552)\n\nIt was discovered that certain resource agent scripts set the\nLD_LIBRARY_PATH environment variable to an insecure value containing empty\npath elements. A local user able to trick a user running those scripts to\nrun them while working from an attacker-writable directory could use this\nflaw to escalate their privileges via a specially-crafted dynamic library.\n(CVE-2010-3389)\n\nRed Hat would like to thank Raphael Geissert for reporting the\nCVE-2010-3389 issue.\n\nThis update also fixes the following bugs:\n\n* Previously, starting threads could incorrectly include a reference to an\nexited thread if that thread exited when rgmanager received a request\nto start a new thread. Due to this issue, the new thread did not retry and\nentered an infinite loop. This update ensures that new threads do not\nreference old threads. Now, new threads no longer enter an infinite loop\nin which the rgmanager enables and disables services without failing\ngracefully. (BZ#502872)\n\n* Previously, nfsclient.sh left temporary nfsclient-status-cache-$$ files\nin /tmp/. (BZ#506152)\n\n* Previously, the function local_node_name in\n/resources/utils/member_util.sh did not correctly check whether magma_tool\nfailed. Due to this issue, empty strings could be returned. This update\nchecks the input and rejects empty strings. (BZ#516758)\n\n* Previously, the file system agent could kill a process when an\napplication used a mount point with a similar name to a mount point managed\nby rgmanager using force_unmount. With this update, the file system agent\nkills only the processes that access the mount point managed by rgmanager.\n(BZ#555901)\n\n* Previously, simultaneous execution of \"lvchange --deltag\" from\n/etc/init.d/rgmanager caused a checksum error on High Availability Logical\nVolume Manager (HA-LVM). With this update, ownership of LVM tags is checked\nbefore removing them. (BZ#559582)\n\n* Previously, the isAlive check could fail if two nodes used the same file\nname. With this update, the isAlive function prevents two nodes from using\nthe same file name. (BZ#469815)\n\n* Previously, the S/Lang code could lead to unwanted S/Lang stack leaks\nduring event processing. (BZ#507430)\n\nAll users of rgmanager are advised to upgrade to this updated package,\nwhich corrects these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2011:0264",
"url": "https://access.redhat.com/errata/RHSA-2011:0264"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "469815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469815"
},
{
"category": "external",
"summary": "498985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=498985"
},
{
"category": "external",
"summary": "506152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=506152"
},
{
"category": "external",
"summary": "507430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=507430"
},
{
"category": "external",
"summary": "516758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=516758"
},
{
"category": "external",
"summary": "519436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=519436"
},
{
"category": "external",
"summary": "555901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=555901"
},
{
"category": "external",
"summary": "639044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639044"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0264.json"
}
],
"title": "Red Hat Security Advisory: rgmanager security and bug fix update",
"tracking": {
"current_release_date": "2024-11-14T10:50:34+00:00",
"generator": {
"date": "2024-11-14T10:50:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2011:0264",
"initial_release_date": "2011-02-16T15:02:00+00:00",
"revision_history": [
{
"date": "2011-02-16T15:02:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2011-02-16T10:07:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:50:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Cluster Suite 4AS",
"product": {
"name": "Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_cluster:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Cluster Suite 4ES",
"product": {
"name": "Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_cluster:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Cluster Suite 4WS",
"product": {
"name": "Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_cluster:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Cluster Suite"
},
{
"branches": [
{
"category": "product_version",
"name": "rgmanager-0:1.9.88-2.el4.ia64",
"product": {
"name": "rgmanager-0:1.9.88-2.el4.ia64",
"product_id": "rgmanager-0:1.9.88-2.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rgmanager@1.9.88-2.el4?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"product": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"product_id": "rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rgmanager-debuginfo@1.9.88-2.el4?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "rgmanager-0:1.9.88-2.el4.src",
"product": {
"name": "rgmanager-0:1.9.88-2.el4.src",
"product_id": "rgmanager-0:1.9.88-2.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rgmanager@1.9.88-2.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rgmanager-0:1.9.88-2.el4.x86_64",
"product": {
"name": "rgmanager-0:1.9.88-2.el4.x86_64",
"product_id": "rgmanager-0:1.9.88-2.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rgmanager@1.9.88-2.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"product": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"product_id": "rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rgmanager-debuginfo@1.9.88-2.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rgmanager-0:1.9.88-2.el4.i386",
"product": {
"name": "rgmanager-0:1.9.88-2.el4.i386",
"product_id": "rgmanager-0:1.9.88-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rgmanager@1.9.88-2.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"product": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"product_id": "rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rgmanager-debuginfo@1.9.88-2.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "rgmanager-0:1.9.88-2.el4.ppc64",
"product": {
"name": "rgmanager-0:1.9.88-2.el4.ppc64",
"product_id": "rgmanager-0:1.9.88-2.el4.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rgmanager@1.9.88-2.el4?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"product": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"product_id": "rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rgmanager-debuginfo@1.9.88-2.el4?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.i386 as a component of Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster:rgmanager-0:1.9.88-2.el4.i386"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.i386",
"relates_to_product_reference": "4AS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.ia64 as a component of Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster:rgmanager-0:1.9.88-2.el4.ia64"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.ia64",
"relates_to_product_reference": "4AS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.ppc64 as a component of Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster:rgmanager-0:1.9.88-2.el4.ppc64"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.ppc64",
"relates_to_product_reference": "4AS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.src as a component of Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster:rgmanager-0:1.9.88-2.el4.src"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.src",
"relates_to_product_reference": "4AS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.x86_64 as a component of Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster:rgmanager-0:1.9.88-2.el4.x86_64"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.x86_64",
"relates_to_product_reference": "4AS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.i386 as a component of Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"relates_to_product_reference": "4AS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ia64 as a component of Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"relates_to_product_reference": "4AS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ppc64 as a component of Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"relates_to_product_reference": "4AS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.x86_64 as a component of Red Hat Cluster Suite 4AS",
"product_id": "4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"relates_to_product_reference": "4AS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.i386 as a component of Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster:rgmanager-0:1.9.88-2.el4.i386"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.i386",
"relates_to_product_reference": "4ES-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.ia64 as a component of Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster:rgmanager-0:1.9.88-2.el4.ia64"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.ia64",
"relates_to_product_reference": "4ES-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.ppc64 as a component of Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster:rgmanager-0:1.9.88-2.el4.ppc64"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.ppc64",
"relates_to_product_reference": "4ES-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.src as a component of Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster:rgmanager-0:1.9.88-2.el4.src"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.src",
"relates_to_product_reference": "4ES-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.x86_64 as a component of Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster:rgmanager-0:1.9.88-2.el4.x86_64"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.x86_64",
"relates_to_product_reference": "4ES-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.i386 as a component of Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"relates_to_product_reference": "4ES-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ia64 as a component of Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"relates_to_product_reference": "4ES-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ppc64 as a component of Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"relates_to_product_reference": "4ES-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.x86_64 as a component of Red Hat Cluster Suite 4ES",
"product_id": "4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"relates_to_product_reference": "4ES-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.i386 as a component of Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster:rgmanager-0:1.9.88-2.el4.i386"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.i386",
"relates_to_product_reference": "4WS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.ia64 as a component of Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster:rgmanager-0:1.9.88-2.el4.ia64"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.ia64",
"relates_to_product_reference": "4WS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.ppc64 as a component of Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster:rgmanager-0:1.9.88-2.el4.ppc64"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.ppc64",
"relates_to_product_reference": "4WS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.src as a component of Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster:rgmanager-0:1.9.88-2.el4.src"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.src",
"relates_to_product_reference": "4WS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-0:1.9.88-2.el4.x86_64 as a component of Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster:rgmanager-0:1.9.88-2.el4.x86_64"
},
"product_reference": "rgmanager-0:1.9.88-2.el4.x86_64",
"relates_to_product_reference": "4WS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.i386 as a component of Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"relates_to_product_reference": "4WS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ia64 as a component of Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"relates_to_product_reference": "4WS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.ppc64 as a component of Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"relates_to_product_reference": "4WS-cluster"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rgmanager-debuginfo-0:1.9.88-2.el4.x86_64 as a component of Red Hat Cluster Suite 4WS",
"product_id": "4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64"
},
"product_reference": "rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"relates_to_product_reference": "4WS-cluster"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-6552",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2008-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "519436"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rgmanager: multiple insecure temporary file use issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.src",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-6552"
},
{
"category": "external",
"summary": "RHBZ#519436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=519436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-6552",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-6552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6552"
}
],
"release_date": "2008-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-02-16T15:02:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.src",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
"products": [
"4AS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.src",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rgmanager: multiple insecure temporary file use issues"
},
{
"acknowledgments": [
{
"names": [
"Raphael Geissert"
]
}
],
"cve": "CVE-2010-3389",
"discovery_date": "2010-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "639044"
}
],
"notes": [
{
"category": "description",
"text": "The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rgmanager: insecure library loading vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.src",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-3389"
},
{
"category": "external",
"summary": "RHBZ#639044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639044"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3389"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3389"
}
],
"release_date": "2010-09-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-02-16T15:02:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.src",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0264"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4AS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4AS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.src",
"4ES-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4ES-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.src",
"4WS-cluster:rgmanager-0:1.9.88-2.el4.x86_64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.i386",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ia64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.ppc64",
"4WS-cluster:rgmanager-debuginfo-0:1.9.88-2.el4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rgmanager: insecure library loading vulnerability"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.