LWN.net Logo

cman: insecure temp file

Package(s):cman CVE #(s):CVE-2008-4192
Created:October 23, 2008 Updated:February 16, 2011
Description: cman has an insecure temp file vulnerability. From the Red Hat bug report:

A malicious user could precreate a symlink, pointing to the file /tmp/eglog, Subsequent run of the '/sbin/egenera' command would destroy / truncate the target of this link to zero length.

Alerts:
Red Hat RHSA-2011:0266-01 2011-02-16
Ubuntu USN-875-1 2009-12-18
Fedora FEDORA-2008-9458 2008-11-07
Fedora FEDORA-2008-9458 2008-11-07
Fedora FEDORA-2008-9458 2008-11-07
Fedora FEDORA-2008-9042 2008-10-23

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds