PT-2009-2022 · Red Hat · Red Hat Cluster Project+4
Published
2009-03-30
·
Updated
2017-09-29
·
CVE-2008-6552
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Red Hat Cluster Project versions 2.x
Resource Group Manager (rgmanager) versions prior to 2.03.09-1
gfs2-utils versions prior to 2.03.09-1
CMAN - The Cluster Manager versions prior to 2.03.09-1
Description
The issue allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp. This involves unspecified components in the affected software.
Recommendations
For Red Hat Cluster Project version 2.x, update to a version later than 2.x.
For Resource Group Manager (rgmanager) version prior to 2.03.09-1, update to version 2.03.09-1 or later.
For gfs2-utils version prior to 2.03.09-1, update to version 2.03.09-1 or later.
For CMAN - The Cluster Manager version prior to 2.03.09-1, update to version 2.03.09-1 or later.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cman - The Cluster Manager
Red Hat
Red Hat Cluster Project
Resource Group Manager
Gfs2-Utils