The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-09-29 17:17
Updated : 2024-02-28 11:21
NVD link : CVE-2008-4192
Mitre link : CVE-2008-4192
CVE.ORG link : CVE-2008-4192
JSON object : View
Products Affected
redhat
- cman
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')