RedHat Security Advisory RHSA-2009:1339 Network Vulnerability

Summary

The remote host is missing updates announced in advisory RHSA-2009:1339. The rgmanager package contains the Red Hat Resource Group Manager, which provides high availability for critical server applications in the event of system downtime. Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552)

Solution

Users of rgmanager are advised to upgrade to this updated package, which resolves these issues. Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

References

http://rhn.redhat.com/errata/RHSA-2009-1339.html
http://www.redhat.com/security/updates/classification/#low

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-6552
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:1122
RedHat Security Advisory RHSA-2009:1339
RedHat Security Advisory RHSA-2009:1528
RedHat Security Advisory RHSA-2009:0021
RedHat Security Advisory RHSA-2009:1206

Take action and discover your vulnerabilities