Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4192

CWE-59CWE-3777 documents7 sources
Severity
6.9MEDIUM
EPSS
0.1%
top 67.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Redhat Cman
Timeline
PublishedSep 29
Latest updateMay 2

Description

The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDredhat/cman2.20080629, 2.20080801+1

🔴Vulnerability Details

2
GHSA
GHSA-hpx5-6mfx-fq22: The pserver_shutdown function in fence_egenera in cman 22022-05-02
CVEList
CVE-2008-4192: The pserver_shutdown function in fence_egenera in cman 22008-09-29

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash Player - AVM Verification Logic Array Indexing Code Execution (Metasploit)2012-06-20

📋Vendor Advisories

2
Ubuntu
Red Hat Cluster Suite vulnerabilities2009-12-18
Red Hat
cman/fence: insecure temporary file usage in the egenera fence agent2008-08-24

💬Community

1
Bugzilla
CVE-2008-4192 cman/fence: insecure temporary file usage in the egenera fence agent2008-08-28
CVE-2008-4192 (MEDIUM CVSS 6.9) | The pserver_shutdown function in fe | cvebase.io