The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. |
02 Feb 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2008-4579 cman/fence: insecure temporary file usage in the apc fence agents |
Information
Published : 2008-10-15 20:08
Updated : 2023-12-10 10:51
NVD link : CVE-2008-4579
Mitre link : CVE-2008-4579
CVE.ORG link : CVE-2008-4579
JSON object : View
Products Affected
gentoo
- cman
- fence
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')