The remote host is missing updates announced in advisory RHSA-2009:1341. The Cluster Manager (cman) utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552) Users of cman are advised to upgrade to these updated packages, which resolve these issues.

Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

• http://rhn.redhat.com/errata/RHSA-2009-1341.html
• http://www.redhat.com/security/updates/classification/#low

---

Updated on 2015-03-25