Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:0266

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68851

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:0266

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:0266.

The fence package allows failed or unreachable nodes to be forcibly
restarted and removed from a cluster.

Insecure temporary file use flaws were found in fence_egenera, fence_apc,
and fence_apc_snmp. A local attacker could use these flaws to overwrite an
arbitrary file writable by the victim running those utilities via a
symbolic link attack. (CVE-2008-4192, CVE-2008-4579)

All fence users are advised to upgrade to this updated package, which
corrects these issues and adds these enhancements.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0266.html

Risk factor : High

CVSS Score:
6.9

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-4192
BugTraq ID: 30898
http://www.securityfocus.com/bid/30898
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html
http://uvw.ru/report.lenny.txt
http://www.openwall.com/lists/oss-security/2008/09/18/3
http://www.openwall.com/lists/oss-security/2008/09/24/2
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.redhat.com/support/errata/RHSA-2011-0266.html
http://secunia.com/advisories/31887
http://secunia.com/advisories/32387
http://secunia.com/advisories/32390
http://secunia.com/advisories/43362
http://www.ubuntu.com/usn/USN-875-1
http://www.vupen.com/english/advisories/2011/0419
XForce ISS Database: cman-fenceegenera-symlink(44845)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44845
Common Vulnerability Exposure (CVE) ID: CVE-2008-4579
31904
http://www.securityfocus.com/bid/31904
32387
32390
36530
http://secunia.com/advisories/36530
43362
ADV-2011-0419
FEDORA-2008-9042
RHSA-2009:1341
http://www.redhat.com/support/errata/RHSA-2009-1341.html
RHSA-2011:0266
USN-875-1
[oss-security] 20081013 Re: CVE Request
http://www.openwall.com/lists/oss-security/2008/10/13/3
http://bugs.gentoo.org/show_bug.cgi?id=240576
https://bugzilla.redhat.com/show_bug.cgi?id=467386
oval:org.mitre.oval:def:10799
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68851
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0266
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0266. The fence package allows failed or unreachable nodes to be forcibly restarted and removed from a cluster. Insecure temporary file use flaws were found in fence_egenera, fence_apc, and fence_apc_snmp. A local attacker could use these flaws to overwrite an arbitrary file writable by the victim running those utilities via a symbolic link attack. (CVE-2008-4192, CVE-2008-4579) All fence users are advised to upgrade to this updated package, which corrects these issues and adds these enhancements. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0266.html Risk factor : High CVSS Score: 6.9
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4192 BugTraq ID: 30898 http://www.securityfocus.com/bid/30898 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html http://uvw.ru/report.lenny.txt http://www.openwall.com/lists/oss-security/2008/09/18/3 http://www.openwall.com/lists/oss-security/2008/09/24/2 http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.redhat.com/support/errata/RHSA-2011-0266.html http://secunia.com/advisories/31887 http://secunia.com/advisories/32387 http://secunia.com/advisories/32390 http://secunia.com/advisories/43362 http://www.ubuntu.com/usn/USN-875-1 http://www.vupen.com/english/advisories/2011/0419 XForce ISS Database: cman-fenceegenera-symlink(44845) https://exchange.xforce.ibmcloud.com/vulnerabilities/44845 Common Vulnerability Exposure (CVE) ID: CVE-2008-4579 31904 http://www.securityfocus.com/bid/31904 32387 32390 36530 http://secunia.com/advisories/36530 43362 ADV-2011-0419 FEDORA-2008-9042 RHSA-2009:1341 http://www.redhat.com/support/errata/RHSA-2009-1341.html RHSA-2011:0266 USN-875-1 [oss-security] 20081013 Re: CVE Request http://www.openwall.com/lists/oss-security/2008/10/13/3 http://bugs.gentoo.org/show_bug.cgi?id=240576 https://bugzilla.redhat.com/show_bug.cgi?id=467386 oval:org.mitre.oval:def:10799 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com