CVE-2008-6552

CWE-59 CWE-3776 documents6 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 77.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Fedora Redhat Cluster Project Redhat Cman +2 more

Timeline

PublishedMar 30

Latest updateMay 17

Description

Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages4 packages

▶NVDredhat/rgmanager5 versions+4

▶NVDredhat/cluster_project27 versions+26

▶NVDredhat/gfs2-utils5 versions+4

▶NVDredhat/cman5 versions+4

Also affects: Fedora 9

🔴Vulnerability Details

GHSA

GHSA-mmp4-x7mg-mw3w: Red Hat Cluster Project 2↗2022-05-17

▶

CVEList

CVE-2008-6552: Red Hat Cluster Project 2↗2009-03-30

▶

📋Vendor Advisories

Ubuntu

Red Hat Cluster Suite vulnerabilities↗2009-12-18

▶

Red Hat

rgmanager: multiple insecure temporary file use issues↗2008-10-31

▶

💬Community

Bugzilla

CVE-2008-6552 cman, gfs2-utils, rgmanager: multiple insecure temporary file use issues↗2009-08-26

▶