Bug 467387 (CVE-2008-4580)
Summary: | CVE-2008-4580 cman/fence: insecure temporary file usage in the manual fence agent
---|---
Product: | [Other] Security Response
Reporter: | Tomas Hoger <thoger>
Component: | vulnerability
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED WONTFIX
Severity: | low
Priority: | low
Version: | unspecified
CC: | agk, ccaulfie, cfeist, edamato, fdinitto, kreilly, mbroz, swhiteho
Keywords: | Security
Hardware: | All
OS: | Linux
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4580
Doc Type: | Bug Fix
Last Closed: | 2009-11-12 16:27:24 UTC
Bug Depends On: | 469338
Description
Tomas Hoger
2008-10-17 09:21:00 UTC
Issue affects fence packages in the Red Hat Cluster Suite for Red Hat Enterprise Linux 4, and cman packages in the Red Hat Enterprise Linux 5.

Current git version of manual fencing agent is no longer affected, no fifo communication is used any more: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=tree;f=fence/agents;hb=HEAD

FYI this bug does not affect F9 or cluster-2.03 releases.

Fabio

Manual fencing agent is documented as being provided for testing purposes only and should not be used in production environments. Therefore, there's no plan to fix this flaw in Red Hat Enterprise Linux 4 and 5 and it will only be addressed in future product versions.