Hi, the following two additional CVE ids have been assigned to symlink issues in cman & redhat-cluster: CVE-2008-4579[0]: | The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) | fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, | allows local users to append to arbitrary files via a symlink attack | on the apclog temporary file.
CVE-2008-4580[1]: | fence_manual in fence allows local users to modify arbitrary files via | a symlink attack on the fence_manual.fifo temporary file. [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4579 http://security-tracker.debian.net/tracker/CVE-2008-4579 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4580 http://security-tracker.debian.net/tracker/CVE-2008-4580 Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp1gd75XlpYb.pgp
Description: PGP signature