Description
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.
Affected products
- fedoraproject / fedora – 9
- RedHat / cluster_project – 2.01.00
- RedHat / cluster_project – 2.02.00
- RedHat / cluster_project – 2.03.00
- RedHat / cluster_project – 2.03.01
- RedHat / cluster_project – 2.03.03
- RedHat / cluster_project – 2.03.04
- RedHat / cluster_project – 2.03.05
- RedHat / cluster_project – 2.03.7
- RedHat / cluster_project – 2.03.08
- RedHat / cluster_project – 2.00.00
- RedHat / cluster_project – 2.03.10
- RedHat / cluster_project – 2.03.11
- RedHat / cluster_project – 2.99.00
- RedHat / cluster_project – 2.99.01
- RedHat / cluster_project – 2.99.02
- RedHat / cluster_project – 2.99.03
- RedHat / cluster_project – 2.99.04
- RedHat / cluster_project – 2.99.05
- RedHat / cluster_project – 2.99.06
- RedHat / cluster_project – 2.99.07
- RedHat / cluster_project – 2.99.08
- RedHat / cluster_project – 2.99.09
- RedHat / cluster_project – 2.99.10
- RedHat / cluster_project – 2.99.11
- RedHat / cluster_project – 2.99.12
- RedHat / cluster_project – 2.99.13
- RedHat / cluster_project – 2.03.09
- RedHat / cman – 2.03.03-1
- RedHat / cman – 2.03.05-1
- RedHat / cman – 2.03.07-1
- RedHat / cman – 2.03.08-1
- RedHat / cman – 2.03.04-1
- RedHat / gfs2-utils – 22.03.08-1
- RedHat / gfs2-utils – 2.03.03-1
- RedHat / gfs2-utils – 2.03.04-1
- RedHat / gfs2-utils – 2.03.05-1
- RedHat / gfs2-utils – 2.03.07-1
- RedHat / rgmanager – 2.03.03-1
- RedHat / rgmanager – 2.03.05-1
- RedHat / rgmanager – 2.03.07-1
- RedHat / rgmanager – 2.03.08-1
- RedHat / rgmanager – 2.03.04-1
References
- VENDOR_ADVISORY: http://secunia.com/advisories/32616
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2011/0416
- MISC: http://www.redhat.com/support/errata/RHSA-2009-1341.html
- MISC: http://www.redhat.com/support/errata/RHSA-2011-0264.html
- VENDOR_ADVISORY: http://secunia.com/advisories/36555
- MISC: http://www.securityfocus.com/bid/32179
- MISC: http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2011/0417
- VENDOR_ADVISORY: http://secunia.com/advisories/32602
- VENDOR_ADVISORY: http://secunia.com/advisories/43372
- VENDOR_ADVISORY: http://www.ubuntu.com/usn/USN-875-1
- MISC: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11404
- MISC: http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html
- MISC: http://osvdb.org/50300
- MISC: http://rhn.redhat.com/errata/RHSA-2009-1337.html
- MISC: http://www.redhat.com/support/errata/RHSA-2011-0265.html
- VENDOR_ADVISORY: http://secunia.com/advisories/43367
- MISC: http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/46412
- VENDOR_ADVISORY: http://secunia.com/advisories/36530
- MISC: http://osvdb.org/50301
- MISC: http://www.redhat.com/support/errata/RHSA-2009-1339.html
- MISC: http://osvdb.org/50299