Symlink Attack Vulnerability in Fence Utility by Red Hat
CVE-2008-4579

Currently unrated

Key Information:

Vendor

Gentoo

Status
Cman
Fence
Vendor
CVE Published:
15 October 2008

What is CVE-2008-4579?

The Fence utilities, specifically fence_apc and fence_apc_snmp, are susceptible to a symlink attack when operating in verbose mode. This security flaw allows local users to manipulate the apclog temporary file, potentially resulting in unauthorized file access or modification. It is crucial for users to ensure proper permissions and mitigate risk by updating their software to the latest versions, following vendor advisories.

References

http://bugs.gentoo.org/show_bug.cgi?id=240576
x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2009-1341.html
vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/32390
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.