Executive Summary

Informations
Name CVE-2008-4192 First vendor Publication 2008-09-29
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4192

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

OpenVAS Exploits

Date Description
2009-12-30 Name : Ubuntu USN-875-1 (redhat-cluster-suite)
File : nvt/ubuntu_875_1.nasl
2009-02-17 Name : Fedora Update for cman FEDORA-2008-9042
File : nvt/gb_fedora_2008_9042_cman_fc9.nasl
2009-02-17 Name : Fedora Update for gfs2-utils FEDORA-2008-9042
File : nvt/gb_fedora_2008_9042_gfs2-utils_fc9.nasl
2009-02-17 Name : Fedora Update for rgmanager FEDORA-2008-9042
File : nvt/gb_fedora_2008_9042_rgmanager_fc9.nasl
2009-02-17 Name : Fedora Update for cman FEDORA-2008-9458
File : nvt/gb_fedora_2008_9458_cman_fc9.nasl
2009-02-17 Name : Fedora Update for gfs2-utils FEDORA-2008-9458
File : nvt/gb_fedora_2008_9458_gfs2-utils_fc9.nasl
2009-02-17 Name : Fedora Update for rgmanager FEDORA-2008-9458
File : nvt/gb_fedora_2008_9458_rgmanager_fc9.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
48268 cman fence_egenera pserver_shutdown Function Temporary File Symlink Arbitrary...

Nessus® Vulnerability Scanner

Date Description
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110216_fence_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2009-12-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-875-1.nasl - Type : ACT_GATHER_INFO
2008-10-24 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-9042.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410
http://dev.gentoo.org/~rbu/security/debiantemp/cman
http://secunia.com/advisories/31887
http://secunia.com/advisories/32387
http://secunia.com/advisories/32390
http://secunia.com/advisories/43362
http://uvw.ru/report.lenny.txt
http://www.openwall.com/lists/oss-security/2008/09/18/3
http://www.openwall.com/lists/oss-security/2008/09/24/2
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.redhat.com/support/errata/RHSA-2011-0266.html
http://www.securityfocus.com/bid/30898
http://www.ubuntu.com/usn/USN-875-1
http://www.vupen.com/english/advisories/2011/0419
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://bugzilla.redhat.com/show_bug.cgi?id=460476
https://exchange.xforce.ibmcloud.com/vulnerabilities/44845
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2024-11-28 23:13:25
  • Multiple Updates
2024-11-28 12:16:32
  • Multiple Updates
2021-05-04 12:08:04
  • Multiple Updates
2021-04-22 01:08:25
  • Multiple Updates
2020-05-23 00:22:17
  • Multiple Updates
2017-08-08 09:24:24
  • Multiple Updates
2016-04-26 17:50:57
  • Multiple Updates
2014-02-17 10:46:38
  • Multiple Updates
2013-05-11 00:26:53
  • Multiple Updates