blob: 163ac30139c6375c4b2b1903bb2fb890c15df801 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="201009-09">
<title>fence: Multiple symlink vulnerabilities</title>
fence contains multiple programs containing vulnerabilities that may allow
local users to overwrite arbitrary files via a symlink attack.
<product type="ebuild">fence</product>
<announced>September 29, 2010</announced>
<revised>September 29, 2010: 01</revised>
<package name="sys-cluster/fence" auto="yes" arch="*">
<vulnerable range="lt">2.03.09</vulnerable>
fence is an I/O group fencing system.
The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual
(CVE-2008-4580) programs contain symlink vulnerabilities.
<impact type="normal">
These vulnerabilities may allow arbitrary files to be overwritten with
root privileges.
There is no known workaround at this time.
Gentoo discontinued support for fence. All fence users should uninstall
and choose another software that provides the same functionality.
# emerge --unmerge sys-cluster/fence</code>
<uri link="">CVE-2008-4579</uri>
<uri link="">CVE-2008-4580</uri>
<metadata tag="requester" timestamp="Fri, 10 Jul 2009 11:03:13 +0000">
<metadata tag="submitter" timestamp="Sat, 10 Apr 2010 02:06:28 +0000">
<metadata tag="bugReady" timestamp="Mon, 31 May 2010 15:37:24 +0000">