Vulnerability CVE-2008-4192


Published: 2008-09-29   Modified: 2012-02-12

Description:
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.

Type: CWE-59 (Improper Link Resolution Before File Access ('Link Following'))

Vendor: Redhat
Product: CMAN 
Version: 2.20080801; 2.20080629;

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html
https://bugzilla.redhat.com/show_bug.cgi?id=460476
https://bugs.gentoo.org/show_bug.cgi?id=235770
http://xforce.iss.net/xforce/xfdb/44845
http://www.vupen.com/english/advisories/2011/0419
http://www.ubuntu.com/usn/USN-875-1
http://www.securityfocus.com/bid/30898
http://www.redhat.com/support/errata/RHSA-2011-0266.html
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.openwall.com/lists/oss-security/2008/09/24/2
http://www.openwall.com/lists/oss-security/2008/09/18/3
http://uvw.ru/report.lenny.txt
http://secunia.com/advisories/43362
http://secunia.com/advisories/32390
http://secunia.com/advisories/32387
http://secunia.com/advisories/31887
http://dev.gentoo.org/~rbu/security/debiantemp/cman
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410

Related CVE
CVE-2019-3888
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUE...
CVE-2019-3875
A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the sepa...
CVE-2019-3873
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further a...
CVE-2019-3872
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unau...
CVE-2019-10157
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NB...
CVE-2019-10150
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resul...
CVE-2017-15123
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms includin...
CVE-2019-10160
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by...

Copyright 2019, cxsecurity.com
