Bug 498985 - rgmanager is affected by several symlink attack vulnerabilities
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Cluster Suite
Classification: Retired
Component: rgmanager
Version: 4
Hardware: All
OS: Linux
high
urgent
Target Milestone: ---
Assignee: Lon Hohberger
QA Contact: Cluster QE
URL:
Whiteboard:
: 519686 (view as bug list)
Depends On:
Blocks:
 
Reported: 2009-05-04 17:10 UTC by Fabio Massimo Di Nitto
Modified: 2016-04-27 04:31 UTC (History)

Fixed In Version: rgmanager-1.9.88-1.el4
Doc Type: Bug Fix
Doc Text:
Previously, the rgmanager contained several symlink vulnerabilities. With this update, there are no more vulnerabilities in the rgmanager.
Clone Of: 469338
Environment:
Last Closed: 2011-02-16 15:09:24 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0264 0 normal SHIPPED_LIVE Low: rgmanager security and bug fix update 2011-02-16 15:07:04 UTC

Comment 3 Florian Nadge 2011-01-03 14:10:24 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, the isAlive check could fail if two nodes used the same file name. With this update, the isAlive function prevents two nodes from using the same file name.

Comment 4 Florian Nadge 2011-01-03 14:11:11 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1 @@
-Previously, the isAlive check could fail if two nodes used the same file name. With this update, the isAlive function prevents two nodes from using the same file name.+Previously, the rgmanager contained several symlink vulnerabilities. With this update, there are no more vulnerabilities in the rgmanager.
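Review bot: The replacement text on the + side states "there are no more vulnerabilities in the rgmanager", which is an absolute claim that a fix for one class of bug cannot support. Suggest scoping it to what this bug covers, for example that the symlink vulnerabilities described in the first sentence have been fixed. The change also drops the isAlive file name description from the - side entirely; if that behaviour change is part of the same update, it should be kept as a separate sentence rather than overwritten.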

Comment 5 Huzaifa S. Sidhpurwala 2011-01-31 05:58:14 UTC
*** Bug 519686 has been marked as a duplicate of this bug. ***

Comment 6 errata-xmlrpc 2011-02-16 15:09:24 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0264.html

