Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA-201009-09 Normal: Fence Symlink Overwrite Risk

gentoo
Calendar Grey September 29, 2010
Dist Gentoo Esm H88
The Gentoo Linux Security Advisory GLSA 201009-09 warns of normal severity vulnerabilities in the fence utility and symlink attacks, advising updates and patches
fence contains multiple programs containing vulnerabilites that may allow local users to overwrite arbitrary files via a symlink attack.

Summary

The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual (CVE-2008-4580) programs contain symlink vulnerabilites.

Topics%20covered

Topics Covered

security advisory gentoo file overwrite symlink attack software discontinuation normal severity fence

Resolution

Gentoo discontinued support for fence. All fence users should uninstall and choose another software that provides the same functionality. # emerge --unmerge sys-cluster/fence

References

[ 1 ] CVE-2008-4579 https://www.cve.org/CVERecord?id=CVE-2008-4579 [ 2 ] CVE-2008-4580 https://www.cve.org/CVERecord?id=CVE-2008-4580

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201009-09
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: fence: Multiple symlink vulnerabilites
Date: September 29, 2010
Bugs: #240576
ID: 201009-09

Topics%20covered

Topics Covered

security advisory gentoo file overwrite symlink attack software discontinuation normal severity fence

Synopsis

fence contains multiple programs containing vulnerabilites that may allow local users to overwrite arbitrary files via a symlink attack.

Background

fence is an I/O group fencing system.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-cluster/fence < 2.03.09 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.

Impact

===== These vulnerabilities may allow arbitrary files to be overwritten with root privileges.

Workaround

There is no known workaround at this time.

Related News

Your message here