6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%
The pserver_shutdown function in fence_egenera in cman 2.20080629 and
2.20080801 allows local users to overwrite arbitrary files via a symlink
attack on the /tmp/eglog temporary file.
Author | Note |
---|---|
jdstrand | up priority to low, as it may be possible to DoS the system (eg overwriting /etc/shadow with garbage data) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.10 | noarch | redhat-cluster | < 2.20080826-0ubuntu1.3 | UNKNOWN |