Gentoo Security Advisory GLSA 201009-09 (fence) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201009-09.

Solution

Gentoo discontinued support for fence. All fence users should uninstall and choose another software that provides the same functionality. # emerge --unmerge sys-cluster/fence http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201009-09 http://bugs.gentoo.org/show_bug.cgi?id=240576

Insight

fence contains multiple programs containing vulnerabilites that may allow local users to overwrite arbitrary files via a symlink attack.

Severity

Classification

CVE CVE-2008-4579, CVE-2008-4580

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200401-04 (GAIM)
Gentoo Security Advisory GLSA 200408-03 (libpng)
Gentoo Security Advisory GLSA 200406-10 (gallery)
Gentoo Security Advisory GLSA 200311-02 (Opera)
Gentoo Security Advisory GLSA 200407-21 (Samba)

Take action and discover your vulnerabilities