
Test ID: 1.3.6.1.4.1.25623.1.0.66604
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-875-1 (redhat-cluster-suite)
Summary: Ubuntu USN-875-1 (redhat-cluster-suite)
Description: The remote host is missing an update to redhat-cluster-suite
announced via advisory USN-875-1.

Details follow:

Multiple insecure temporary file handling vulnerabilities were discovered
in Red Hat Cluster. A local attacker could exploit these to overwrite
arbitrary local files via symlinks. (CVE-2008-4192, CVE-2008-4579,
CVE-2008-4580, CVE-2008-6552)

It was discovered that CMAN did not properly handle malformed configuration
files. An attacker could cause a denial of service (via CPU consumption and
memory corruption) in a node if the attacker were able to modify the
cluster configuration for the node. (CVE-2008-6560)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
ccs 1.20060222-0ubuntu6.3
cman 1.20060222-0ubuntu6.3
fence 1.20060222-0ubuntu6.3
libcman1 1.20060222-0ubuntu6.3
rgmanager 1.20060222-0ubuntu6.3

Ubuntu 8.04 LTS:
cman 2.20080227-0ubuntu1.3
gfs2-tools 2.20080227-0ubuntu1.3
rgmanager 2.20080227-0ubuntu1.3

Ubuntu 8.10:
cman 2.20080826-0ubuntu1.3
gfs2-tools 2.20080826-0ubuntu1.3
rgmanager 2.20080826-0ubuntu1.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-875-1
Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-4192
http://www.openwall.com/lists/oss-security/2008/09/18/3
http://www.openwall.com/lists/oss-security/2008/09/24/2
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://uvw.ru/report.lenny.txt
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html
http://www.redhat.com/support/errata/RHSA-2011-0266.html
http://www.ubuntu.com/usn/USN-875-1
BugTraq ID: 30898
http://www.securityfocus.com/bid/30898
http://secunia.com/advisories/32387
http://secunia.com/advisories/32390
http://secunia.com/advisories/31887
http://secunia.com/advisories/43362
http://www.vupen.com/english/advisories/2011/0419
XForce ISS Database: cman-fenceegenera-symlink(44845)
http://xforce.iss.net/xforce/xfdb/44845
Common Vulnerability Exposure (CVE) ID: CVE-2008-4579
http://bugs.gentoo.org/show_bug.cgi?id=240576
http://www.openwall.com/lists/oss-security/2008/10/13/3
http://www.redhat.com/support/errata/RHSA-2009-1341.html
BugTraq ID: 31904
http://www.securityfocus.com/bid/31904
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10799
http://secunia.com/advisories/36530
Common Vulnerability Exposure (CVE) ID: CVE-2008-4580
http://www.openwall.com/lists/oss-security/2008/10/16/1
XForce ISS Database: fence-fencemanual-symlink(45953)
http://xforce.iss.net/xforce/xfdb/45953
Common Vulnerability Exposure (CVE) ID: CVE-2008-6552
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html
http://www.redhat.com/support/errata/RHSA-2011-0264.html
http://www.redhat.com/support/errata/RHSA-2011-0265.html
RedHat Security Advisories: RHSA-2009:1337
http://rhn.redhat.com/errata/RHSA-2009-1337.html
http://www.redhat.com/support/errata/RHSA-2009-1339.html
BugTraq ID: 32179
http://www.securityfocus.com/bid/32179
http://osvdb.org/50299
http://osvdb.org/50300
http://osvdb.org/50301
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11404
http://secunia.com/advisories/32602
http://secunia.com/advisories/32616
http://secunia.com/advisories/43367
http://secunia.com/advisories/43372
http://secunia.com/advisories/36555
http://www.vupen.com/english/advisories/2011/0416
http://www.vupen.com/english/advisories/2011/0417
XForce ISS Database: clusterproject-unspecified-priv-escalation(46412)
http://xforce.iss.net/xforce/xfdb/46412
Common Vulnerability Exposure (CVE) ID: CVE-2008-6560
XForce ISS Database: cman-clusterconf-dos(49832)
http://xforce.iss.net/xforce/xfdb/49832
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
