This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
A flaw was found in ricci during a code audit. A remote attacker who
is able to connect to ricci could cause ricci to temporarily refuse
additional connections, a denial of service (CVE-2007-4136).
Fixes in this updated package include :
- The nodename is now set for manual fencing.
- The node log no longer displays in random order.
- A bug that prevented a node from responding when a
cluster was deleted is now fixed.
- A PAM configuration that incorrectly called the
deprecated module pam_stack was removed.
- A bug that prevented some quorum disk configurations
from being accepted is now fixed.
- Setting multicast addresses now works properly.
- rpm -V on luci no longer fails.
- The user interface rendering time for storage interface
is now faster.
- An error message that incorrectly appeared when
rebooting nodes during cluster creation was removed.
- Cluster snaps configuration (an unsupported feature) has
been removed altogether to prevent user confusion.
- A user permission bug resulting from a luci code error
is now fixed.
- luci and ricci init script return codes are now
- VG creation on cluster nodes now defaults to
- An SELinux AVC bug that prevented users from setting up
shared storage on nodes is now fixed.
- An access error that occurred when attempting to access
a cluster node after its cluster was deleted is now
- IP addresses can now be used to create clusters.
- Attempting to configure a fence device no longer results
in an AttributeError.
- Attempting to create a new fence device to a valid
cluster no longer results in a KeyError.
- Several minor user interface validation errors have been
fixed, such as enforcing cluster name length and fence
- A browser lock-up that could occur during storage
configuration has been fixed.
- Virtual service creation now works without error.
- The fence_xvm tag is no longer misspelled in the
- Luci failover forms are complete and working.
- Rebooting a fresh cluster install no longer generates an
- A bug that prevented failed cluster services from being
started is now fixed.
- A bug that caused some cluster operations (e.g., node
delete) to fail on clusters with mixed-cased cluster
names is now fixed.
- Global cluster resources can be reused when constructing
Enhancements in this updated package include :
- Users can now access Conga through Internet Explorer 6.
- Dead nodes can now be evicted from a cluster.
- Shared storage on new clusters is now enabled by
- The fence user-interface flow is now simpler.
- A port number is now shown in ricci error messages.
- The kmod-gfs-xen kernel module is now installed when
creating a cluster.
- Cluster creation status is now shown visually.
- User names are now sorted for display.
- The fence_xvmd tag can now be added from the dom0
- The ampersand character (&) can now be used in fence
- All packaged files are now installed with proper owners
- New cluster node members are now properly initialized.
- Storage operations can now be completed even if an LVM
snapshot is present.
- Users are now informed via dialog when nodes are
rebooted as part of a cluster operation.
- Failover domains are now properly listed for virtual
services and traditional clustered services.
- Luci can now create and distribute keys for fence_xvmd.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60284
CVE ID: CVE-2007-4136