漏洞信息详情
fence 'fence_apc'和 'fence_apc_snmp' 不安全临时文件创建漏洞
- CNNVD编号:CNNVD-200810-274
- 危害等级: 低危
- CVE编号: CVE-2008-4579
- 漏洞类型: 后置链接
- 发布时间: 2008-10-15
- 威胁类型: 本地
- 更新时间: 2009-02-26
- 厂 商: gentoo
- 漏洞来源: Red Hat
漏洞简介
fence_apc和fence_apc_snmp程序,当在fence 2.02.00-r1以及cman中以verbose模式运行,本地用户可以通过对apclog临时文件发动一个符号链接攻击来附加任意文件。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu cman_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/cman_2.20080826-0ub untu1.3_lpia.deb
Ubuntu gfs-tools_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/gfs-tools_2.2008082 6-0ubuntu1.3_lpia.deb
Ubuntu gfs2-tools_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/gfs2-tools_2.200808 26-0ubuntu1.3_lpia.deb
Ubuntu gnbd-client_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/gnbd-client_2.20080 826-0ubuntu1.3_lpia.deb
Ubuntu gnbd-server_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/gnbd-server_2.20080 826-0ubuntu1.3_lpia.deb
Ubuntu libccs-dev_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libccs-dev_2.200808 26-0ubuntu1.3_lpia.deb
Ubuntu libccs-perl_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/universe/r/redhat-cluster/libccs-perl_2.2 0080826-0ubuntu1.3_lpia.deb
Ubuntu libccs3_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libccs3_2.20080826- 0ubuntu1.3_lpia.deb
Ubuntu libcman-dev_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libcman-dev_2.20080 826-0ubuntu1.3_lpia.deb
Ubuntu libcman3_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libcman3_2.20080826 -0ubuntu1.3_lpia.deb
Ubuntu libdlm-dev_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libdlm-dev_2.200808 26-0ubuntu1.3_lpia.deb
Ubuntu libdlm3_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libdlm3_2.20080826- 0ubuntu1.3_lpia.deb
Ubuntu libdlmcontrol-dev_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libdlmcontrol-dev_2 .20080826-0ubuntu1.3_lpia.deb
Ubuntu libdlmcontrol3_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libdlmcontrol3_2.20 080826-0ubuntu1.3_lpia.deb
Ubuntu libfence-dev_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libfence-dev_2.2008 0826-0ubuntu1.3_lpia.deb
Ubuntu libfence3_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/libfence3_2.2008082 6-0ubuntu1.3_lpia.deb
Ubuntu redhat-cluster-source_2.20080826-0ubuntu1.3_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/r/redhat-cluster/redha t-cluster-source_2.20080826-0ubuntu1.3_all.deb
Ubuntu redhat-cluster-suite_2.20080826-0ubuntu1.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster/redhat-cl uster-suite_2.20080826-0ubuntu1.3_all.deb
Ubuntu rgmanager_2.20080826-0ubuntu1.3_lpia.deb
http://ports.ubuntu.com/pool/main/r/redhat-cluster/rgmanager_2.2008082 6-0ubuntu1.3_lpia.deb
Ubuntu Ubuntu Linux 6.06 LTS amd64
Ubuntu ccs_1.20060222-0ubuntu6.3_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/ccs _1.20060222-0ubuntu6.3_amd64.deb
Ubuntu cman_1.20060222-0ubuntu6.3_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cma n_1.20060222-0ubuntu6.3_amd64.deb
Ubuntu fence-gnbd_1.20060222-0ubuntu6.3_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/fen ce-gnbd_1.20060222-0ubuntu6.3_amd64.deb
Ubuntu fence_1.20060222-0ubuntu6.3_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/fen ce_1.20060222-0ubuntu6.3_amd64.deb
Ubuntu gfs-tools_1.20060222-0ubuntu6.3_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs -tools_1.20060222-0ubuntu6.3_amd64.deb
Ubuntu gnbd-client_1.20060222-0ubuntu6.3_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnb d-client_1.20060222-0ubuntu6.3_amd64.deb
Ubuntu gnbd-server_1.20060222-0ubuntu6.3_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnb d-server_1.20060222-0ubuntu6.3_amd64.deb
Ubuntu gulm_1.20060222-0ubuntu6.3_amd64.deb
http://security.ubuntu
参考网址
来源: FEDORA
名称: FEDORA-2008-9042
链接:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.HTML
来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=467386
来源: BID
名称: 31904
链接:http://www.securityfocus.com/bid/31904
来源: MLIST
名称: [oss-security] 20081013 Re: CVE Request
链接:http://www.openwall.com/lists/oss-security/2008/10/13/3
来源: SECUNIA
名称: 32390
链接:http://secunia.com/advisories/32390
来源: SECUNIA
名称: 32387
链接:http://secunia.com/advisories/32387
来源: MISC
链接:http://bugs.gentoo.org/show_bug.cgi?id=240576
受影响实体
- Gentoo Cman:2.02.00:R1
- Gentoo Fence:2.02.00:R1
补丁
暂无
评论