漏洞信息详情

fence 'fence_apc'和 'fence_apc_snmp' 不安全临时文件创建漏洞

• CNNVD编号：CNNVD-200810-274
• 危害等级： 低危
  
• CVE编号： CVE-2008-4579
• 漏洞类型： 后置链接
• 发布时间： 2008-10-15
• 威胁类型： 本地
• 更新时间： 2009-02-26
• 厂        商： gentoo
• 漏洞来源： Red Hat

漏洞简介

fence_apc和fence_apc_snmp程序,当在fence 2.02.00-r1以及cman中以verbose模式运行，本地用户可以通过对apclog临时文件发动一个符号链接攻击来附加任意文件。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Ubuntu Ubuntu Linux 8.10 lpia

Ubuntu cman_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/cman_2.20080826-0ub untu1.3_lpia.deb

Ubuntu gfs-tools_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/gfs-tools_2.2008082 6-0ubuntu1.3_lpia.deb

Ubuntu gfs2-tools_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/gfs2-tools_2.200808 26-0ubuntu1.3_lpia.deb

Ubuntu gnbd-client_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/gnbd-client_2.20080 826-0ubuntu1.3_lpia.deb

Ubuntu gnbd-server_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/gnbd-server_2.20080 826-0ubuntu1.3_lpia.deb

Ubuntu libccs-dev_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libccs-dev_2.200808 26-0ubuntu1.3_lpia.deb

Ubuntu libccs-perl_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/universe/r/redhat-cluster/libccs-perl_2.2 0080826-0ubuntu1.3_lpia.deb

Ubuntu libccs3_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libccs3_2.20080826- 0ubuntu1.3_lpia.deb

Ubuntu libcman-dev_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libcman-dev_2.20080 826-0ubuntu1.3_lpia.deb

Ubuntu libcman3_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libcman3_2.20080826 -0ubuntu1.3_lpia.deb

Ubuntu libdlm-dev_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libdlm-dev_2.200808 26-0ubuntu1.3_lpia.deb

Ubuntu libdlm3_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libdlm3_2.20080826- 0ubuntu1.3_lpia.deb

Ubuntu libdlmcontrol-dev_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libdlmcontrol-dev_2 .20080826-0ubuntu1.3_lpia.deb

Ubuntu libdlmcontrol3_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libdlmcontrol3_2.20 080826-0ubuntu1.3_lpia.deb

Ubuntu libfence-dev_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libfence-dev_2.2008 0826-0ubuntu1.3_lpia.deb

Ubuntu libfence3_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/libfence3_2.2008082 6-0ubuntu1.3_lpia.deb

Ubuntu redhat-cluster-source_2.20080826-0ubuntu1.3_all.deb

http://security.ubuntu.com/ubuntu/pool/universe/r/redhat-cluster/redha t-cluster-source_2.20080826-0ubuntu1.3_all.deb

Ubuntu redhat-cluster-suite_2.20080826-0ubuntu1.3_all.deb

http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster/redhat-cl uster-suite_2.20080826-0ubuntu1.3_all.deb

Ubuntu rgmanager_2.20080826-0ubuntu1.3_lpia.deb

http://ports.ubuntu.com/pool/main/r/redhat-cluster/rgmanager_2.2008082 6-0ubuntu1.3_lpia.deb

Ubuntu Ubuntu Linux 6.06 LTS amd64

Ubuntu ccs_1.20060222-0ubuntu6.3_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/ccs _1.20060222-0ubuntu6.3_amd64.deb

Ubuntu cman_1.20060222-0ubuntu6.3_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cma n_1.20060222-0ubuntu6.3_amd64.deb

Ubuntu fence-gnbd_1.20060222-0ubuntu6.3_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/fen ce-gnbd_1.20060222-0ubuntu6.3_amd64.deb

Ubuntu fence_1.20060222-0ubuntu6.3_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/fen ce_1.20060222-0ubuntu6.3_amd64.deb

Ubuntu gfs-tools_1.20060222-0ubuntu6.3_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs -tools_1.20060222-0ubuntu6.3_amd64.deb

Ubuntu gnbd-client_1.20060222-0ubuntu6.3_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnb d-client_1.20060222-0ubuntu6.3_amd64.deb

Ubuntu gnbd-server_1.20060222-0ubuntu6.3_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnb d-server_1.20060222-0ubuntu6.3_amd64.deb

Ubuntu gulm_1.20060222-0ubuntu6.3_amd64.deb

http://security.ubuntu

参考网址

来源: FEDORA

名称: FEDORA-2008-9042

链接:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.HTML

来源: bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=467386

来源: BID

名称: 31904

链接:http://www.securityfocus.com/bid/31904

来源: MLIST

名称: [oss-security] 20081013 Re: CVE Request

链接:http://www.openwall.com/lists/oss-security/2008/10/13/3

来源: SECUNIA

名称: 32390

链接:http://secunia.com/advisories/32390

来源: SECUNIA

名称: 32387

链接:http://secunia.com/advisories/32387

来源: MISC

链接:http://bugs.gentoo.org/show_bug.cgi?id=240576

受影响实体

• Gentoo Cman:2.02.00:R1  
• Gentoo Fence:2.02.00:R1  

补丁

暂无