New Search

RHSA-2009:1341 -- cman security bug fix and enhancement update (Low)

oval:org.mitre.oval:def:29052

Updated cman packages that fix several security issues various bugs and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The Cluster Manager (cman) utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579 CVE-2008-6552)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class:
patch
Reference(s):
  • RHSA-2009:1341
  • CESA-2009:1341-CentOS 5
  • CVE-2008-4579
  • CVE-2008-6552
Product(s):
  • cman