CVE-2008-4579

Description

The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.

References

Link	Tags
http://bugs.gentoo.org/show_bug.cgi?id=240576
http://www.redhat.com/support/errata/RHSA-2009-1341.html	vendor advisory
http://secunia.com/advisories/32390	third party advisory
http://secunia.com/advisories/32387	third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799	vdb entry signature
http://www.vupen.com/english/advisories/2011/0419	vdb entry
http://www.ubuntu.com/usn/USN-875-1	vendor advisory
http://www.securityfocus.com/bid/31904	vdb entry
http://www.openwall.com/lists/oss-security/2008/10/13/3	mailing list
https://bugzilla.redhat.com/show_bug.cgi?id=467386
http://secunia.com/advisories/36530	third party advisory
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html	vendor advisory
http://secunia.com/advisories/43362	third party advisory
http://www.redhat.com/support/errata/RHSA-2011-0266.html	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2008-4579?: CVE-2008-4579 has been scored as a low severity vulnerability.
How to fix CVE-2008-4579?: To fix CVE-2008-4579, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2008-4579 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2008-4579 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-59 – Improper Link Resolution Before File Access ('Link Following')

References

Frequently Asked Questions