Summary
The remote host is missing updates announced in
advisory RHSA-2009:1339.
The rgmanager package contains the Red Hat Resource Group Manager, which provides high availability for critical server applications in the event of system downtime.
Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552)
Solution
Users of rgmanager are advised to upgrade to this updated package, which resolves these issues.
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
References
Severity
Classification
-
CVE CVE-2008-6552 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities