Vulnerability Name: CVE-2008-6552 (CCN-46412)
Assigned: 2008-10-31
Published: 2008-10-31
Updated: 2017-09-29
Summary: Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.

CVSS v3 Severity:
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low

CVSS v2 Severity:
6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Medium; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial
5.4 Medium (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:C)
4.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Medium; Authentication (Au): None
  Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): Complete

Vulnerability Type: CWE-59, CWE-377
Vulnerability Consequences: Gain Privileges

References:
  Source: MITRE; Type: CNA; CVE-2008-6552
  Source: OSVDB; Type: UNKNOWN; 50299
  Source: OSVDB; Type: UNKNOWN; 50300
  Source: OSVDB; Type: UNKNOWN; 50301
  Source: CCN; Type: RHSA-2009-1337; Low: gfs2-utils security and bug fix update
  Source: REDHAT; Type: UNKNOWN; RHSA-2009:1337
  Source: CCN; Type: RHSA-2009-1339; Low: rgmanager security, bug fix, and enhancement update
  Source: CCN; Type: RHSA-2009-1341; Low: cman security, bug fix, and enhancement update
  Source: CCN; Type: RHSA-2011-0264; Low: rgmanager security and bug fix update
  Source: CCN; Type: RHSA-2011-0265; Low: ccs security update
  Source: CCN; Type: SA32602; Cluster Project Unspecified Insecure Temporary Files
  Source: SECUNIA; Type: Vendor Advisory; 32602
  Source: SECUNIA; Type: UNKNOWN; 32616
  Source: SECUNIA; Type: UNKNOWN; 36530
  Source: SECUNIA; Type: UNKNOWN; 36555
  Source: SECUNIA; Type: UNKNOWN; 43367
  Source: SECUNIA; Type: UNKNOWN; 43372
  Source: CCN; Type: Cluster Web page; Cluster3
  Source: CCN; Type: OSVDB ID: 50299; Cluster Project CMAN Unspecified Temporary Files Privilege Escalation
  Source: CCN; Type: OSVDB ID: 50300; Cluster Project rgmanager Unspecified Temporary Files Privilege Escalation
  Source: CCN; Type: OSVDB ID: 50301; Cluster Project gfs2 Unspecified Temporary Files Privilege Escalation
  Source: FEDORA; Type: Vendor Advisory; FEDORA-2008-9458
  Source: REDHAT; Type: UNKNOWN; RHSA-2009:1339
  Source: REDHAT; Type: UNKNOWN; RHSA-2009:1341
  Source: REDHAT; Type: UNKNOWN; RHSA-2011:0264
  Source: REDHAT; Type: UNKNOWN; RHSA-2011:0265
  Source: BID; Type: UNKNOWN; 32179
  Source: CCN; Type: BID-32179; cluster Multiple Insecure Temporary File Creation Vulnerabilities
  Source: CCN; Type: USN-875-1; Red Hat Cluster Suite vulnerabilities
  Source: UBUNTU; Type: UNKNOWN; USN-875-1
  Source: VUPEN; Type: UNKNOWN; ADV-2011-0416
  Source: VUPEN; Type: UNKNOWN; ADV-2011-0417
  Source: XF; Type: UNKNOWN; clusterproject-unspecified-priv-escalation(46412)
  Source: OVAL; Type: UNKNOWN; oval:org.mitre.oval:def:11404
  Source: CCN; Type: fedora-package-announce Mailing List, Fri, 07 Nov 2008 02:55:52 +0000; [SECURITY] Fedora 9 Update: gfs2-utils-2.03.09-1.fc9

Vulnerable Configuration:

Configuration 1:
  cpe:/a:redhat:cluster_project:2.00.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.01.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.02.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.01:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.03:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.04:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.05:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.7:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.08:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.09:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.10:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.11:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.01:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.02:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.03:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.04:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.05:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.06:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.07:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.08:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.09:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.10:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.11:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.12:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.13:*:*:*:*:*:*:*

Configuration 2:
  cpe:/a:redhat:cman:2.03.03-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cman:2.03.04-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cman:2.03.05-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cman:2.03.07-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cman:2.03.08-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.03-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.04-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.05-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.07-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.08-1:*:*:*:*:*:*:*
  OR cpe:/o:fedoraproject:fedora:9:*:*:*:*:*:*:*
  AND cpe:/a:redhat:gfs2-utils:2.03.03-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:gfs2-utils:2.03.04-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:gfs2-utils:2.03.05-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:gfs2-utils:2.03.07-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:gfs2-utils:22.03.08-1:*:*:*:*:*:*:*

Configuration RedHat 1:
  cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:
  cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:
  cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:*

Configuration RedHat 5:
  cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration CCN 1:
  cpe:/a:redhat:cluster_project:2.00.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.01.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.02.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.01:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.03:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.04:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.05:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.7:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.08:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.09:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.10:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.03.11:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.00:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.01:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.02:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.03:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.04:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.05:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.06:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.07:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.08:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.09:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.10:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.11:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.12:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cluster_project:2.99.13:*:*:*:*:*:*:*
  OR cpe:/o:fedoraproject:fedora:9:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cman:2.03.04-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cman:2.03.03-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cman:2.03.07-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cman:2.03.05-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:cman:2.03.08-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.03-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.04-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.05-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.07-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rgmanager:2.03.08-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:gfs2-utils:2.03.03-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:gfs2-utils:2.03.04-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:gfs2-utils:2.03.05-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:gfs2-utils:2.03.07-1:*:*:*:*:*:*:*
  OR cpe:/a:redhat:gfs2-utils:22.03.08-1:*:*:*:*:*:*:*
  AND cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  OR cpe:/a:redhat:rhel_cluster:4:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  OR cpe:/a:redhat:rhel_cluster:5:*:*:*:*:*:*:*
  OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:28953 | P | RHSA-2009:1337 -- gfs2-utils security and bug fix update (Low) | 2015-08-17
oval:org.mitre.oval:def:29052 | P | RHSA-2009:1341 -- cman security, bug fix, and enhancement update (Low) | 2015-08-17
oval:org.mitre.oval:def:22968 | P | ELSA-2009:1339: rgmanager security, bug fix, and enhancement update (Low) | 2014-07-21
oval:org.mitre.oval:def:12938 | P | USN-875-1 -- redhat-cluster, redhat-cluster-suite vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:22793 | P | ELSA-2009:1337: gfs2-utils security and bug fix update (Low) | 2014-05-26
oval:org.mitre.oval:def:22844 | P | ELSA-2009:1341: cman security, bug fix, and enhancement update (Low) | 2014-05-26
oval:org.mitre.oval:def:11404 | V | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | 2013-04-29
oval:com.redhat.rhsa:def:20091337 | P | RHSA-2009:1337: gfs2-utils security and bug fix update (Low) | 2009-09-02
oval:com.redhat.rhsa:def:20091339 | P | RHSA-2009:1339: rgmanager security, bug fix, and enhancement update (Low) | 2009-09-02
oval:com.redhat.rhsa:def:20091341 | P | RHSA-2009:1341: cman security, bug fix, and enhancement update (Low) | 2009-09-02
redhat cluster project 2.00.00
redhat cluster project 2.01.00
redhat cluster project 2.02.00
redhat cluster project 2.03.00
redhat cluster project 2.03.01
redhat cluster project 2.03.03
redhat cluster project 2.03.04
redhat cluster project 2.03.05
redhat cluster project 2.03.7
redhat cluster project 2.03.08
redhat cluster project 2.03.09
redhat cluster project 2.03.10
redhat cluster project 2.03.11
redhat cluster project 2.99.00
redhat cluster project 2.99.01
redhat cluster project 2.99.02
redhat cluster project 2.99.03
redhat cluster project 2.99.04
redhat cluster project 2.99.05
redhat cluster project 2.99.06
redhat cluster project 2.99.07
redhat cluster project 2.99.08
redhat cluster project 2.99.09
redhat cluster project 2.99.10
redhat cluster project 2.99.11
redhat cluster project 2.99.12
redhat cluster project 2.99.13
redhat cman 2.03.03-1
redhat cman 2.03.04-1
redhat cman 2.03.05-1
redhat cman 2.03.07-1
redhat cman 2.03.08-1
redhat rgmanager 2.03.03-1
redhat rgmanager 2.03.04-1
redhat rgmanager 2.03.05-1
redhat rgmanager 2.03.07-1
redhat rgmanager 2.03.08-1
fedoraproject fedora 9
redhat gfs2-utils 2.03.03-1
redhat gfs2-utils 2.03.04-1
redhat gfs2-utils 2.03.05-1
redhat gfs2-utils 2.03.07-1
redhat gfs2-utils 22.03.08-1
redhat cluster project 2.00.00
redhat cluster project 2.01.00
redhat cluster project 2.02.00
redhat cluster project 2.03.00
redhat cluster project 2.03.01
redhat cluster project 2.03.03
redhat cluster project 2.03.04
redhat cluster project 2.03.05
redhat cluster project 2.03.7
redhat cluster project 2.03.08
redhat cluster project 2.03.09
redhat cluster project 2.03.10
redhat cluster project 2.03.11
redhat cluster project 2.99.00
redhat cluster project 2.99.01
redhat cluster project 2.99.02
redhat cluster project 2.99.03
redhat cluster project 2.99.04
redhat cluster project 2.99.05
redhat cluster project 2.99.06
redhat cluster project 2.99.07
redhat cluster project 2.99.08
redhat cluster project 2.99.09
redhat cluster project 2.99.10
redhat cluster project 2.99.11
redhat cluster project 2.99.12
redhat cluster project 2.99.13
fedoraproject fedora 9
redhat cman 2.03.04-1
redhat cman 2.03.03-1
redhat cman 2.03.07-1
redhat cman 2.03.05-1
redhat cman 2.03.08-1
redhat rgmanager 2.03.03-1
redhat rgmanager 2.03.04-1
redhat rgmanager 2.03.05-1
redhat rgmanager 2.03.07-1
redhat rgmanager 2.03.08-1
redhat gfs2-utils 2.03.03-1
redhat gfs2-utils 2.03.04-1
redhat gfs2-utils 2.03.05-1
redhat gfs2-utils 2.03.07-1
redhat gfs2-utils 22.03.08-1
canonical ubuntu 6.06
redhat rhel cluster 4
redhat enterprise linux 5
redhat enterprise linux 5
redhat enterprise linux 5
redhat rhel cluster 5
canonical ubuntu 8.04