Executive Summary
Summary | |
---|---|
Title | rgmanager security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:0264 | First vendor Publication | 2011-02-16 |
Vendor | RedHat | Last vendor Modification | 2011-02-16 |
Severity (Vendor) | Low | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated rgmanager package that fixes multiple security issues and several bugs is now available for Red Hat Cluster Suite 4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Cluster Suite 4AS - i386, ia64, ppc, x86_64 Red Hat Cluster Suite 4ES - i386, ia64, x86_64 Red Hat Cluster Suite 4WS - i386, ia64, x86_64 3. Description: The rgmanager package contains the Red Hat Resource Group Manager, which provides high availability for critical server applications. Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552) It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library. (CVE-2010-3389) Red Hat would like to thank Raphael Geissert for reporting the CVE-2010-3389 issue. This update also fixes the following bugs: * Previously, starting threads could incorrectly include a reference to an exited thread if that thread exited when rgmanager received a request to start a new thread. Due to this issue, the new thread did not retry and entered an infinite loop. This update ensures that new threads do not reference old threads. Now, new threads no longer enter an infinite loop in which the rgmanager enables and disables services without failing gracefully. (BZ#502872) * Previously, nfsclient.sh left temporary nfsclient-status-cache-$$ files in /tmp/. (BZ#506152) * Previously, the function local_node_name in /resources/utils/member_util.sh did not correctly check whether magma_tool failed. Due to this issue, empty strings could be returned. This update checks the input and rejects empty strings. (BZ#516758) * Previously, the file system agent could kill a process when an application used a mount point with a similar name to a mount point managed by rgmanager using force_unmount. With this update, the file system agent kills only the processes that access the mount point managed by rgmanager. (BZ#555901) * Previously, simultaneous execution of "lvchange --deltag" from /etc/init.d/rgmanager caused a checksum error on High Availability Logical Volume Manager (HA-LVM). With this update, ownership of LVM tags is checked before removing them. (BZ#559582) * Previously, the isAlive check could fail if two nodes used the same file name. With this update, the isAlive function prevents two nodes from using the same file name. (BZ#469815) * Previously, the S/Lang code could lead to unwanted S/Lang stack leaks during event processing. (BZ#507430) All users of rgmanager are advised to upgrade to this updated package, which corrects these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 469815 - clurgmgrd[15993]: |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0264.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11404 | |||
Oval ID: | oval:org.mitre.oval:def:11404 | ||
Title: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Description: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-6552 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21732 | |||
Oval ID: | oval:org.mitre.oval:def:21732 | ||
Title: | RHSA-2011:1000: rgmanager security, bug fix, and enhancement update (Low) | ||
Description: | The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1000-01 CESA-2011:1000 CVE-2010-3389 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | rgmanager |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22793 | |||
Oval ID: | oval:org.mitre.oval:def:22793 | ||
Title: | ELSA-2009:1337: gfs2-utils security and bug fix update (Low) | ||
Description: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1337-02 CVE-2008-6552 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | gfs2-utils |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22844 | |||
Oval ID: | oval:org.mitre.oval:def:22844 | ||
Title: | ELSA-2009:1341: cman security, bug fix, and enhancement update (Low) | ||
Description: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1341-02 CVE-2008-4579 CVE-2008-6552 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | cman |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22968 | |||
Oval ID: | oval:org.mitre.oval:def:22968 | ||
Title: | ELSA-2009:1339: rgmanager security, bug fix, and enhancement update (Low) | ||
Description: | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1339-02 CVE-2008-6552 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | rgmanager |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23200 | |||
Oval ID: | oval:org.mitre.oval:def:23200 | ||
Title: | ELSA-2011:1000: rgmanager security, bug fix, and enhancement update (Low) | ||
Description: | The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1000-01 CVE-2010-3389 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | rgmanager |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27542 | |||
Oval ID: | oval:org.mitre.oval:def:27542 | ||
Title: | DEPRECATED: ELSA-2011-1000 -- rgmanager security, bug fix, and enhancement update (low) | ||
Description: | [2.0.52-21] - rgmanager: Fix bad passing of SFL_FAILURE up (fix_bad_passing_of_sfl_failure_up.patch) Resolves: rhbz#711521 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1000 CVE-2010-3389 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | rgmanager |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28953 | |||
Oval ID: | oval:org.mitre.oval:def:28953 | ||
Title: | RHSA-2009:1337 -- gfs2-utils security and bug fix update (Low) | ||
Description: | An updated gfs2-utils package that fixes multiple security issues and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems. Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-6552) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1337 CESA-2009:1337-CentOS 5 CVE-2008-6552 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gfs2-utils |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29052 | |||
Oval ID: | oval:org.mitre.oval:def:29052 | ||
Title: | RHSA-2009:1341 -- cman security, bug fix, and enhancement update (Low) | ||
Description: | Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The Cluster Manager (cman) utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1341 CESA-2009:1341-CentOS 5 CVE-2008-4579 CVE-2008-6552 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | cman |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for rgmanager CESA-2011:1000 centos5 x86_64 File : nvt/gb_CESA-2011_1000_rgmanager_centos5_x86_64.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-18 (rgmanager) File : nvt/glsa_201110_18.nasl |
2011-09-23 | Name : CentOS Update for rgmanager CESA-2011:1000 centos5 i386 File : nvt/gb_CESA-2011_1000_rgmanager_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for gfs2-utils CESA-2009:1337 centos5 i386 File : nvt/gb_CESA-2009_1337_gfs2-utils_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for rgmanager CESA-2009:1339 centos5 i386 File : nvt/gb_CESA-2009_1339_rgmanager_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cman CESA-2009:1341 centos5 i386 File : nvt/gb_CESA-2009_1341_cman_centos5_i386.nasl |
2009-12-30 | Name : Ubuntu USN-875-1 (redhat-cluster-suite) File : nvt/ubuntu_875_1.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1337 (gfs2-utils) File : nvt/ovcesa2009_1337.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1339 (rgmanager) File : nvt/ovcesa2009_1339.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1341 (cman) File : nvt/ovcesa2009_1341.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1337 File : nvt/RHSA_2009_1337.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1339 File : nvt/RHSA_2009_1339.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1341 File : nvt/RHSA_2009_1341.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68808 | OCF Resource Agents Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Na... |
50300 | Cluster Project rgmanager Unspecified Temporary Files Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-09.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1580.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1000.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1341.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1339.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_cman_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090902_gfs2_utils_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090902_rgmanager_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110216_ccs_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110216_rgmanager_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110721_rgmanager_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_resource_agents_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-18.nasl - Type : ACT_GATHER_INFO |
2011-09-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1000.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1341.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1337.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1339.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-875-1.nasl - Type : ACT_GATHER_INFO |
2009-09-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1337.nasl - Type : ACT_GATHER_INFO |
2008-11-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-9458.nasl - Type : ACT_GATHER_INFO |