Oracle Linux 5 : cman (ELSA-2009-1341)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1341 advisory. 2.0.115-1 - RSA II fencing agent has been fixed. - Resolves: rhbz493802 2.0.114-1 - local variable 'verbosefilename' referenced before assignment has...

Scientific Linux Security Update : fence on SL4.x i386/x86_64

Insecure temporary file use flaws were found in fenceegenera, fenceapc, and fenceapcsnmp. A local attacker could use these flaws to overwrite an arbitrary file writable by the victim running those utilities via a symbolic link attack. CVE-2008-4192, CVE-2008-4579 This update also fixes the...

cman/fence: insecure temporary file usage in the apc fence agents

The 1 fenceapc and 2 fenceapcsnmp programs, as used in a fence 2.02.00-r1 and possibly b cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file...

Code injection

The 1 fenceapc and 2 fenceapcsnmp programs, as used in a fence 2.02.00-r1 and possibly b cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file...

CVE-2008-4579

CVE-2008-4579 is tied to the fence components (fence_apc and fence_apc_snmp) used by fence 2.02.00-r1 and possibly cman. The vulnerability arises from insecure temporary file handling in verbose mode, enabling a local attacker to perform a symlink attack against the apclog file and append data to...

CVE-2008-4579

The 1 fenceapc and 2 fenceapcsnmp programs, as used in a fence 2.02.00-r1 and possibly b cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file...