Redhat Cman vulnerabilities
3 known vulnerabilities affecting redhat/cman.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2008-6560 | HIGH | CVSS 7.8 | CWE-119 | ≤ 2.03.08-1, v2.03.03-1, +3 more | 2009-03-31
Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.
nvd
CVE-2008-6552 | MEDIUM | CVSS 6.9 | CWE-59 | v2.03.03-1, v2.03.04-1, +3 more | 2009-03-30
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.
nvd
CVE-2008-4192 | MEDIUM | CVSS 6.9 | PoC | CWE-59 | v2.20080629, v2.20080801 | 2008-09-29
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.
nvd