1.9
CVE-2008-4579
- EPSS 0.34%
- Veröffentlicht 15.10.2008 20:08:02
- Zuletzt bearbeitet 16.06.2026 22:58:06
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.258 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:N/I:P/A:N
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
http://secunia.com/advisories/32387
http://secunia.com/advisories/32390
http://secunia.com/advisories/43362
http://www.redhat.com/support/errata/RHSA-2011-0266.html
http://www.ubuntu.com/usn/USN-875-1
http://www.vupen.com/english/advisories/2011/0419
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html
http://bugs.gentoo.org/show_bug.cgi?id=240576
http://secunia.com/advisories/36530
http://www.openwall.com/lists/oss-security/2008/10/13/3
http://www.redhat.com/support/errata/RHSA-2009-1341.html
http://www.securityfocus.com/bid/31904
https://bugzilla.redhat.com/show_bug.cgi?id=467386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799