6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
8.6%
The Cluster Configuration System provides the ability for nodes in a
cluster to obtain information about the cluster and each other. ccs_tool is
a program for making online updates to the cluster configuration file.
An insecure temporary file use flaw was found in ccs_tool. A local attacker
could use this flaw to conduct a symbolic link attack, allowing them to
overwrite (with the output of ccs_tool) an arbitrary file writable by the
victim running ccs_tool. (CVE-2008-6552)
All ccs users should upgrade to these updated packages, which correct this
issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i686 | ccs-devel | < 1.0.13-2 | ccs-devel-1.0.13-2.i686.rpm |
RedHat | any | i686 | ccs | < 1.0.13-2 | ccs-1.0.13-2.i686.rpm |