Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.51.0810151506390.15058@faron.mitre.org>
Date: Wed, 15 Oct 2008 15:07:40 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: coley@...re.org
Subject: Re: CVE Request



For the fence issues.

Which packages does the fence_manual issue affect?


======================================================
Name: CVE-2008-4579
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4579
Reference: MISC:http://bugs.gentoo.org/show_bug.cgi?id=240576
Reference: MLIST:[oss-security] 20081013 Re: CVE Request
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/13/3

The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a)
fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode,
allows local users to append to arbitrary files via a symlink attack
on the apclog temporary file.


======================================================
Name: CVE-2008-4580
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4580
Reference: MLIST:[oss-security] 20081013 Re: CVE Request
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/13/3

fence_manual in fence allows local users to modify arbitrary files via
a symlink attack on the fence_manual.fifo temporary file.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.