CVE-2008-6560 - Vulnerability Details - OpenCVE

Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Cman Fedora Linux

Configuration 1 [-]

AND

OR	cpe:2.3:a:redhat:cman::::::::
	cpe:2.3:a:redhat:cman:2.03.03-1:::::::*
	cpe:2.3:a:redhat:cman:2.03.04-1:::::::*
	cpe:2.3:a:redhat:cman:2.03.05-1:::::::*
	cpe:2.3:a:redhat:cman:2.03.07-1:::::::*

OR	cpe:2.3:o:redhat:fedora:9:::::::*
	cpe:2.3:o:redhat:linux:5.0::enterprise:::::

No data.

References

Link	Providers
http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html
http://www.ubuntu.com/usn/USN-875-1
https://bugzilla.redhat.com/show_bug.cgi?id=468966
https://exchange.xforce.ibmcloud.com/vulnerabilities/49832

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-31T10:00:00

Updated: 2024-08-07T11:34:47.082Z

Reserved: 2009-03-30T00:00:00

Link: CVE-2008-6560

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-03-31T14:09:53.390

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-6560

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cman-clusterconf-dos(49832)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"name": "USN-875-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cman-clusterconf-dos(49832)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"name": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=67fee9128e54c6c3fc3eae306b5b501f3029c3be", "refsource": "CONFIRM", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"name": "USN-875-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=468966", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:34:47.082Z"}, "title": "CVE Program Container", "references": [{"name": "cman-clusterconf-dos(49832)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"name": "USN-875-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6560", "datePublished": "2009-03-31T10:00:00", "dateReserved": "2009-03-30T00:00:00", "dateUpdated": "2024-08-07T11:34:47.082Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cman:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5280A55-F6CF-4D35-B9D4-A76321EC591A", "versionEndIncluding": "2.03.08-1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.03-1:*:*:*:*:*:*:*", "matchCriteriaId": "F12B9C5F-29A5-4B40-89E2-CD32477C087F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.04-1:*:*:*:*:*:*:*", "matchCriteriaId": "06ABB244-870D-4D5F-81FA-0D8D133A1B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.05-1:*:*:*:*:*:*:*", "matchCriteriaId": "C31DAF4D-B7BB-43CE-87EC-33062475AF0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.07-1:*:*:*:*:*:*:*", "matchCriteriaId": "25AD771F-0B14-4EC9-A425-3E49BE177402", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "D32A30CD-EA21-4AA6-868F-3448AA50B70D", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:linux:5.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "A00F5B01-0C61-48A6-BE78-1981CA6C09FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en CMAN - The Cluster Manager versiones anteriores a v2.03.09-1 en Fedora 9 y Red Hat Enterprise Linux (RHEL) 5 permite a atacantes provocar una denegaci\u00f3n de servicio (consumo de CPU y consumo de memoria) a trav\u00e9s de un fichero cluster.conf con muchas l\u00edneas. \r\nNOTA: no est\u00e1 claro si este problema cruza fronteras de privilegios en usuarios reales del producto."}], "id": "CVE-2008-6560", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-31T14:09:53.390", "references": [{"source": "cve@mitre.org", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider this to be a security issue. The misbehaviour of CMAN is triggered by corrupted / specially crafted cluster.conf configuration file. Ability to edit this file is restricted to system administrator, therefore no privilege boundary is crossed.", "lastModified": "2009-08-04T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}