Executive Summary
Summary | |
---|---|
Title | cman security, bug fix, and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1341 | First vendor Publication | 2009-09-02 |
Vendor | RedHat | Last vendor Modification | 2009-09-02 |
Severity (Vendor) | Low | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Cluster Manager (cman) utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552) Bug fixes: * a buffer could overflow if cluster.conf had more than 52 entries per block inside the * the output of the group_tool dump subcommands were NULL padded. * using device="" instead of label="" no longer causes qdiskd to incorrectly exit. * the IPMI fencing agent has been modified to time out after 10 seconds. It is also now possible to specify a different timeout value with the '-t' option. * the IPMI fencing agent now allows punctuation in passwords. * quickly starting and stopping the cman service no longer causes the cluster membership to become inconsistent across the cluster. * an issue with lock syncing caused 'receive_own from' errors to be logged to '/var/log/messages'. * an issue which caused gfs_controld to segfault when mounting hundreds of file systems has been fixed. * the LPAR fencing agent now properly reports status when an LPAR is in Open Firmware mode. * the LPAR fencing agent now works properly with systems using the Integrated Virtualization Manager (IVM). * the APC SNMP fencing agent now properly recognizes outletStatusOn and outletStatusOff return codes from the SNMP agent. * the WTI fencing agent can now connect to fencing devices with no password. * the rps-10 fencing agent now properly performs a reboot when run with no options. * the IPMI fencing agent now supports different cipher types with the '-C' option. * qdisk now properly scans devices and partitions. * cman now checks to see if a new node has state to prevent killing the first node during cluster setup. * 'service qdiskd start' now works properly. * the McData fence agent now works properly with the McData Sphereon 4500 Fabric Switch. * the Egenera fence agent can now specify an SSH login name. * the APC fence agent now works with non-admin accounts when using the 3.5.x firmware. * fence_xvmd now tries two methods to reboot a virtual machine. * connections to OpenAIS are now allowed from unprivileged CPG clients with the user and group of 'ais'. * groupd no longer allows the default fence domain to be '0', which previously caused rgmanager to hang. Now, rgmanager no longer hangs. * the RSA fence agent now supports SSH enabled RSA II devices. * the DRAC fence agent now works with the Integrated Dell Remote Access Controller (iDRAC) on Dell PowerEdge M600 blade servers. * fixed a memory leak in cman. * qdisk now displays a warning if more than one label is found with the same name. * the DRAC5 fencing agent now shows proper usage instructions for the '-D' option. * cman no longer uses the wrong node name when getnameinfo() fails. * the SCSI fence agent now verifies that sg_persist is installed. * the DRAC5 fencing agent now properly handles modulename. * QDisk now logs warning messages if it appears its I/O to shared storage is hung. * fence_apc no longer fails with a pexpect exception. * removing a node from the cluster using 'cman_tool leave remove' now properly reduces the expected_votes and quorum. * a semaphore leak in cman has been fixed. * 'cman_tool nodes -F name' no longer segfaults when a node is out of membership. Enhancements: * support for: ePowerSwitch 8+ and LPAR/HMC v3 devices, Cisco MDS 9124 and MDS 9134 SAN switches, the virsh fencing agent, and broadcast communication with cman. * fence_scsi limitations added to fence_scsi man page. Users of cman are advised to upgrade to these updated packages, which resolve these issues and add these enhancements. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 276541 - fence_impilan blocks alternative fencing agents when connectivity to IPMI fails. 322291 - rps-10 fence agent does not perform default reboot action 447497 - RFE: support for IPMI v2.0 ciphersuites in fence_ipmilan 447964 - fence_ipmilan does not handle punctuation in password 467386 - CVE-2008-4579 cman/fence: insecure temporary file usage in the apc fence agents 468966 - Possible buffer overflow in cman config loader can lead to memory corruption 472460 - cman_tool nodes -F name segfaults when a node is out of membership 472786 - cluster view inconsistent after "service cman stop; service cman start" 473961 - clvmd memory leak 474163 - gfs_controld: receive_own from N messages with plock_ownership enabled 480178 - fence_xvmd Fails to Reboot VM 480401 - gfs_controld segfault during multiple mount attempt 480836 - [RFE] Add support for Cisco 9124 and 9134 SAN switches as fence devices 481566 - [PATCH] /sbin/fence_lpar - properly report status on systems in Open Firmware 481664 - fence_wti is unable to connect to (password-less) fencing device 484095 - fence_apc_snmp: invalid status outletStatusOff 484956 - qdiskd does not prune partitions mapped to dm-mpio devices 485026 - Cman kills first node in initial cluster setup 485199 - 'service qdiskd restart' doesn't work 485469 - Normal users cannot run CPG clients if openais is started by cman. 485700 - fence_lpar doesn't work with hmc version 3 487436 - Qdisk should choose first disk if multiple disks containing same label exist 487501 - Exceptions in fencing agents 488565 - cman uses local node name for lookup during start up 488958 - GFS: Allow fence_egenera to specify ssh login name 491640 - APC Fence Agent does not work with non-admin account 493165 - group_tool ls fence returns one for fence id ZERO 493207 - groupd assigns zero group id 493802 - [RFE] Providing support for ssh enabled RSA II fence devices 496629 - [RFE] Include fence_virsh along with the present agents 496724 - fence_drac5 uses module_name instead of modulename 498329 - fence_drac5 help output shows incorrect usage 499767 - groupd segfaults on start 500450 - qdiskd I/O hang reporting 500567 - Flag added to openais to report security errors causes cman not to build 501586 - fence agents (fence_apc, fence_wti) fails with pexpect exception 502674 - fence_lpar can't log in to IVM systems 504705 - fence_lpar: lssyscfg command on HMC can take longer than SHELL_TIMEOUT 505258 - cman_tool leave remove does not reduce quorum 505594 - semaphore leak during cluster startup/shutdown cycle 512998 - Fence_scsi limitations man page fix needed 514758 - [RHEL5][cman] fence_apc_snmp: local variable 'verbose_filename' referenced before assignment 519436 - CVE-2008-6552 cman, gfs2-utils, rgmanager: multiple insecure temporary file use issues |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1341.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10799 | |||
Oval ID: | oval:org.mitre.oval:def:10799 | ||
Title: | The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. | ||
Description: | The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4579 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11404 | |||
Oval ID: | oval:org.mitre.oval:def:11404 | ||
Title: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Description: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-6552 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22793 | |||
Oval ID: | oval:org.mitre.oval:def:22793 | ||
Title: | ELSA-2009:1337: gfs2-utils security and bug fix update (Low) | ||
Description: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1337-02 CVE-2008-6552 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | gfs2-utils |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22844 | |||
Oval ID: | oval:org.mitre.oval:def:22844 | ||
Title: | ELSA-2009:1341: cman security, bug fix, and enhancement update (Low) | ||
Description: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1341-02 CVE-2008-4579 CVE-2008-6552 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | cman |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22968 | |||
Oval ID: | oval:org.mitre.oval:def:22968 | ||
Title: | ELSA-2009:1339: rgmanager security, bug fix, and enhancement update (Low) | ||
Description: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1339-02 CVE-2008-6552 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | rgmanager |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28953 | |||
Oval ID: | oval:org.mitre.oval:def:28953 | ||
Title: | RHSA-2009:1337 -- gfs2-utils security and bug fix update (Low) | ||
Description: | An updated gfs2-utils package that fixes multiple security issues and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems. Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-6552) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1337 CESA-2009:1337-CentOS 5 CVE-2008-6552 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gfs2-utils |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29052 | |||
Oval ID: | oval:org.mitre.oval:def:29052 | ||
Title: | RHSA-2009:1341 -- cman security, bug fix, and enhancement update (Low) | ||
Description: | Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The Cluster Manager (cman) utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1341 CESA-2009:1341-CentOS 5 CVE-2008-4579 CVE-2008-6552 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | cman |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for gfs2-utils CESA-2009:1337 centos5 i386 File : nvt/gb_CESA-2009_1337_gfs2-utils_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for rgmanager CESA-2009:1339 centos5 i386 File : nvt/gb_CESA-2009_1339_rgmanager_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cman CESA-2009:1341 centos5 i386 File : nvt/gb_CESA-2009_1341_cman_centos5_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-09 (fence) File : nvt/glsa_201009_09.nasl |
2009-12-30 | Name : Ubuntu USN-875-1 (redhat-cluster-suite) File : nvt/ubuntu_875_1.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1341 (cman) File : nvt/ovcesa2009_1341.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1339 (rgmanager) File : nvt/ovcesa2009_1339.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1337 (gfs2-utils) File : nvt/ovcesa2009_1337.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1339 File : nvt/RHSA_2009_1339.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1341 File : nvt/RHSA_2009_1341.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1337 File : nvt/RHSA_2009_1337.nasl |
2009-02-17 | Name : Fedora Update for cman FEDORA-2008-9458 File : nvt/gb_fedora_2008_9458_cman_fc9.nasl |
2009-02-17 | Name : Fedora Update for gfs2-utils FEDORA-2008-9458 File : nvt/gb_fedora_2008_9458_gfs2-utils_fc9.nasl |
2009-02-17 | Name : Fedora Update for rgmanager FEDORA-2008-9458 File : nvt/gb_fedora_2008_9458_rgmanager_fc9.nasl |
2009-02-17 | Name : Fedora Update for rgmanager FEDORA-2008-9042 File : nvt/gb_fedora_2008_9042_rgmanager_fc9.nasl |
2009-02-17 | Name : Fedora Update for gfs2-utils FEDORA-2008-9042 File : nvt/gb_fedora_2008_9042_gfs2-utils_fc9.nasl |
2009-02-17 | Name : Fedora Update for cman FEDORA-2008-9042 File : nvt/gb_fedora_2008_9042_cman_fc9.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50300 | Cluster Project rgmanager Unspecified Temporary Files Privilege Escalation |
50047 | fence fence_apc_snmp apclog Temporary File Symlink Arbitrary File Modification |
50046 | fence fence_apc apclog Temporary File Symlink Arbitrary File Modification |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1339.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1341.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_cman_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090902_gfs2_utils_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090902_rgmanager_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110216_ccs_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110216_fence_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110216_rgmanager_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-09.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1337.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1339.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1341.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-875-1.nasl - Type : ACT_GATHER_INFO |
2009-09-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1337.nasl - Type : ACT_GATHER_INFO |
2008-11-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-9458.nasl - Type : ACT_GATHER_INFO |
2008-10-24 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-9042.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:51 |
|