CVE-2008-4580 - Vulnerability Details - OpenCVE

fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gentoo	Cman Fence

Configuration 1 [-]

OR	cpe:2.3:a:gentoo:cman:2.02.00:r1::::::
	cpe:2.3:a:gentoo:fence:2.02.00:r1::::::

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=240576
http://www.openwall.com/lists/oss-security/2008/10/13/3
http://www.openwall.com/lists/oss-security/2008/10/16/1
http://www.ubuntu.com/usn/USN-875-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45953
https://nvd.nist.gov/vuln/detail/CVE-2008-4580
https://www.cve.org/CVERecord?id=CVE-2008-4580

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-10-15T20:00:00

Updated: 2024-08-07T10:24:18.950Z

Reserved: 2008-10-15T00:00:00

Link: CVE-2008-4580

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-10-15T20:08:02.763

Modified: 2024-11-21T00:52:01.447

Link: CVE-2008-4580

Redhat

Severity : Low

Publid Date: 2008-10-13T00:00:00Z

Links: CVE-2008-4580 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20081016 Re: CVE Request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/16/1"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=240576"}, {"name": "fence-fencemanual-symlink(45953)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45953"}, {"name": "USN-875-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "[oss-security] 20081013 Re: CVE Request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/13/3"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:24:18.950Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20081016 Re: CVE Request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/16/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=240576"}, {"name": "fence-fencemanual-symlink(45953)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45953"}, {"name": "USN-875-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "[oss-security] 20081013 Re: CVE Request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/13/3"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-4580", "datePublished": "2008-10-15T20:00:00", "dateReserved": "2008-10-15T00:00:00", "dateUpdated": "2024-08-07T10:24:18.950Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gentoo:cman:2.02.00:r1:*:*:*:*:*:*", "matchCriteriaId": "6C3CBF73-99E7-4562-AA18-19EA3D9AF2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gentoo:fence:2.02.00:r1:*:*:*:*:*:*", "matchCriteriaId": "7E9BCDBC-4566-417D-AEB6-B1377519648A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file."}, {"lang": "es", "value": "fence_manual, tal y como es usado en fence versi\u00f3n 2.02.00-r1 y posiblemente cman, permite a los usuarios locales modificar archivos arbitrarios por medio de un ataque de tipo symlink en el archivo temporal fence_manual.fifo."}], "id": "CVE-2008-4580", "lastModified": "2024-11-21T00:52:01.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-15T20:08:02.763", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=240576"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/10/13/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/10/16/1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45953"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=240576"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/13/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/16/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45953"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Manual fencing agent is documented to only be provided for testing purposes and should not be used in production environments. Therefore, there is no plan to fix this flaw in Red Hat Cluster Suite for Red Hat Enterprise Linux 4, and in Red Hat Enterprise Linux 5.", "lastModified": "2009-11-12T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}