Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4580 to the following vulnerability: fence_manual in fence allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file. References: http://www.openwall.com/lists/oss-security/2008/10/13/3
Issue affects fence packages in the Red Hat Cluster Suite for Red Hat Enterprise Linux 4, and cman packages in the Red Hat Enterprise Linux 5. Current git version of manual fencing agent is no longer affected, no fifo communication is used any more: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=tree;f=fence/agents;hb=HEAD
FYI this bug does not affect F9 or cluster-2.03 releases. Fabio
Manual fencing agent is documented as being provided for testing purposed only and should not be used in production environments. Therefore, there's no plan to fix this flaw in Red Hat Enterprise Linux 4 and 5 and will only be addressed in future product versions.