Vulnerability Name: CVE-2008-6552 (CCN-46412) Assigned: 2008-10-31 Published: 2008-10-31 Updated: 2017-09-29 Summary: Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P 3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
5.4 Medium (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:C 4.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): Complete
Vulnerability Type: CWE-59 CWE-377 Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2008-6552 50299 50300 50301 Low: gfs2-utils security and bug fix update RHSA-2009:1337 Low: rgmanager security, bug fix, and enhancement update Low: cman security, bug fix, and enhancement update Low: rgmanager security and bug fix update Low: ccs security update Cluster Project Unspecified Insecure Temporary Files 32602 32616 36530 36555 43367 43372 Cluster3 Cluster Project CMAN Unspecified Temporary Files Privilege Escalation Cluster Project rgmanager Unspecified Temporary Files Privilege Escalation Cluster Project gfs2 Unspecified Temporary Files Privilege Escalation FEDORA-2008-9458 FEDORA-2008-9458 FEDORA-2008-9458 RHSA-2009:1339 RHSA-2009:1341 RHSA-2011:0264 RHSA-2011:0265 32179 cluster Multiple Insecure Temporary File Creation Vulnerabilities Red Hat Cluster Suite vulnerabilities USN-875-1 ADV-2011-0416 ADV-2011-0417 clusterproject-unspecified-priv-escalation(46412) clusterproject-unspecified-priv-escalation(46412) oval:org.mitre.oval:def:11404 [SECURITY] Fedora 9 Update: gfs2-utils-2.03.09-1.fc9 Vulnerable Configuration: Configuration 1 :cpe:/a:redhat:cluster_project:2.00.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.01.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.02.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.01:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.03:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.04:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.05:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.7:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.08:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.09:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.10:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.11:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.01:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.02:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.03:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.04:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.05:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.06:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.07:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.08:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.09:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.10:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.11:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.12:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.13:*:*:*:*:*:*:* Configuration 2 :cpe:/a:redhat:cman:2.03.03-1:*:*:*:*:*:*:* OR cpe:/a:redhat:cman:2.03.04-1:*:*:*:*:*:*:* OR cpe:/a:redhat:cman:2.03.05-1:*:*:*:*:*:*:* OR cpe:/a:redhat:cman:2.03.07-1:*:*:*:*:*:*:* OR cpe:/a:redhat:cman:2.03.08-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.03-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.04-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.05-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.07-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.08-1:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora:9:*:*:*:*:*:*:* AND cpe:/a:redhat:gfs2-utils:2.03.03-1:*:*:*:*:*:*:* OR cpe:/a:redhat:gfs2-utils:2.03.04-1:*:*:*:*:*:*:* OR cpe:/a:redhat:gfs2-utils:2.03.05-1:*:*:*:*:*:*:* OR cpe:/a:redhat:gfs2-utils:2.03.07-1:*:*:*:*:*:*:* OR cpe:/a:redhat:gfs2-utils:22.03.08-1:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration RedHat 4 :cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration CCN 1 :cpe:/a:redhat:cluster_project:2.00.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.01.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.02.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.01:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.03:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.04:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.05:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.7:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.08:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.09:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.10:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.03.11:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.00:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.01:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.02:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.03:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.04:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.05:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.06:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.07:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.08:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.09:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.10:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.11:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.12:*:*:*:*:*:*:* OR cpe:/a:redhat:cluster_project:2.99.13:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora:9:*:*:*:*:*:*:* OR cpe:/a:redhat:cman:2.03.04-1:*:*:*:*:*:*:* OR cpe:/a:redhat:cman:2.03.03-1:*:*:*:*:*:*:* OR cpe:/a:redhat:cman:2.03.07-1:*:*:*:*:*:*:* OR cpe:/a:redhat:cman:2.03.05-1:*:*:*:*:*:*:* OR cpe:/a:redhat:cman:2.03.08-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.03-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.04-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.05-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.07-1:*:*:*:*:*:*:* OR cpe:/a:redhat:rgmanager:2.03.08-1:*:*:*:*:*:*:* OR cpe:/a:redhat:gfs2-utils:2.03.03-1:*:*:*:*:*:*:* OR cpe:/a:redhat:gfs2-utils:2.03.04-1:*:*:*:*:*:*:* OR cpe:/a:redhat:gfs2-utils:2.03.05-1:*:*:*:*:*:*:* OR cpe:/a:redhat:gfs2-utils:2.03.07-1:*:*:*:*:*:*:* OR cpe:/a:redhat:gfs2-utils:22.03.08-1:*:*:*:*:*:*:* AND cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:* OR cpe:/a:redhat:rhel_cluster:4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* OR cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:28953 P RHSA-2009:1337 -- gfs2-utils security and bug fix update (Low) 2015-08-17 oval:org.mitre.oval:def:29052 P RHSA-2009:1341 -- cman security, bug fix, and enhancement update (Low) 2015-08-17 oval:org.mitre.oval:def:22968 P ELSA-2009:1339: rgmanager security, bug fix, and enhancement update (Low) 2014-07-21 oval:org.mitre.oval:def:12938 P USN-875-1 -- redhat-cluster, redhat-cluster-suite vulnerabilities 2014-06-30 oval:org.mitre.oval:def:22793 P ELSA-2009:1337: gfs2-utils security and bug fix update (Low) 2014-05-26 oval:org.mitre.oval:def:22844 P ELSA-2009:1341: cman security, bug fix, and enhancement update (Low) 2014-05-26 oval:org.mitre.oval:def:11404 V Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. 2013-04-29 oval:com.redhat.rhsa:def:20091337 P RHSA-2009:1337: gfs2-utils security and bug fix update (Low) 2009-09-02 oval:com.redhat.rhsa:def:20091339 P RHSA-2009:1339: rgmanager security, bug fix, and enhancement update (Low) 2009-09-02 oval:com.redhat.rhsa:def:20091341 P RHSA-2009:1341: cman security, bug fix, and enhancement update (Low) 2009-09-02
BACK
redhat cluster project 2.00.00
redhat cluster project 2.01.00
redhat cluster project 2.02.00
redhat cluster project 2.03.00
redhat cluster project 2.03.01
redhat cluster project 2.03.03
redhat cluster project 2.03.04
redhat cluster project 2.03.05
redhat cluster project 2.03.7
redhat cluster project 2.03.08
redhat cluster project 2.03.09
redhat cluster project 2.03.10
redhat cluster project 2.03.11
redhat cluster project 2.99.00
redhat cluster project 2.99.01
redhat cluster project 2.99.02
redhat cluster project 2.99.03
redhat cluster project 2.99.04
redhat cluster project 2.99.05
redhat cluster project 2.99.06
redhat cluster project 2.99.07
redhat cluster project 2.99.08
redhat cluster project 2.99.09
redhat cluster project 2.99.10
redhat cluster project 2.99.11
redhat cluster project 2.99.12
redhat cluster project 2.99.13
redhat cman 2.03.03-1
redhat cman 2.03.04-1
redhat cman 2.03.05-1
redhat cman 2.03.07-1
redhat cman 2.03.08-1
redhat rgmanager 2.03.03-1
redhat rgmanager 2.03.04-1
redhat rgmanager 2.03.05-1
redhat rgmanager 2.03.07-1
redhat rgmanager 2.03.08-1
fedoraproject fedora 9
redhat gfs2-utils 2.03.03-1
redhat gfs2-utils 2.03.04-1
redhat gfs2-utils 2.03.05-1
redhat gfs2-utils 2.03.07-1
redhat gfs2-utils 22.03.08-1
redhat cluster project 2.00.00
redhat cluster project 2.01.00
redhat cluster project 2.02.00
redhat cluster project 2.03.00
redhat cluster project 2.03.01
redhat cluster project 2.03.03
redhat cluster project 2.03.04
redhat cluster project 2.03.05
redhat cluster project 2.03.7
redhat cluster project 2.03.08
redhat cluster project 2.03.09
redhat cluster project 2.03.10
redhat cluster project 2.03.11
redhat cluster project 2.99.00
redhat cluster project 2.99.01
redhat cluster project 2.99.02
redhat cluster project 2.99.03
redhat cluster project 2.99.04
redhat cluster project 2.99.05
redhat cluster project 2.99.06
redhat cluster project 2.99.07
redhat cluster project 2.99.08
redhat cluster project 2.99.09
redhat cluster project 2.99.10
redhat cluster project 2.99.11
redhat cluster project 2.99.12
redhat cluster project 2.99.13
fedoraproject fedora 9
redhat cman 2.03.04-1
redhat cman 2.03.03-1
redhat cman 2.03.07-1
redhat cman 2.03.05-1
redhat cman 2.03.08-1
redhat rgmanager 2.03.03-1
redhat rgmanager 2.03.04-1
redhat rgmanager 2.03.05-1
redhat rgmanager 2.03.07-1
redhat rgmanager 2.03.08-1
redhat gfs2-utils 2.03.03-1
redhat gfs2-utils 2.03.04-1
redhat gfs2-utils 2.03.05-1
redhat gfs2-utils 2.03.07-1
redhat gfs2-utils 22.03.08-1
canonical ubuntu 6.06
redhat rhel cluster 4
redhat enterprise linux 5
redhat enterprise linux 5
redhat enterprise linux 5
redhat rhel cluster 5
canonical ubuntu 8.04
Denotes that component is vulnerable