This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Multiple insecure temporary file use flaws were found in
fence_apc_snmp and ccs_tool. A local attacker could use these flaws to
overwrite an arbitrary file writable by a victim running those
utilities (typically root) with the output of the utilities via a
symbolic link attack. (CVE-2008-4579, CVE-2008-6552)
Bug fixes :
- a buffer could overflow if cluster.conf had more than 52
entries per block inside the <cman> block. The limit is
- the output of the group_tool dump subcommands were NULL
- using device='' instead of label='' no longer causes
qdiskd to incorrectly exit.
- the IPMI fencing agent has been modified to time out
after 10 seconds. It is also now possible to specify a
different timeout value with the '-t' option.
- the IPMI fencing agent now allows punctuation in
- quickly starting and stopping the cman service no longer
causes the cluster membership to become inconsistent
across the cluster.
- an issue with lock syncing caused 'receive_own from'
errors to be logged to '/var/log/messages'.
- an issue which caused gfs_controld to segfault when
mounting hundreds of file systems has been fixed.
- the LPAR fencing agent now properly reports status when
an LPAR is in Open Firmware mode.
- the LPAR fencing agent now works properly with systems
using the Integrated Virtualization Manager (IVM).
- the APC SNMP fencing agent now properly recognizes
outletStatusOn and outletStatusOff return codes from the
- the WTI fencing agent can now connect to fencing devices
with no password.
- the rps-10 fencing agent now properly performs a reboot
when run with no options.
- the IPMI fencing agent now supports different cipher
types with the '-C' option.
- qdisk now properly scans devices and partitions.
- cman now checks to see if a new node has state to
prevent killing the first node during cluster setup.
- 'service qdiskd start' now works properly.
- the McData fence agent now works properly with the
McData Sphereon 4500 Fabric Switch.
- the Egenera fence agent can now specify an SSH login
- the APC fence agent now works with non-admin accounts
when using the 3.5.x firmware.
- fence_xvmd now tries two methods to reboot a virtual
- connections to OpenAIS are now allowed from unprivileged
CPG clients with the user and group of 'ais'.
- groupd no longer allows the default fence domain to be
'0', which previously caused rgmanager to hang. Now,
rgmanager no longer hangs.
- the RSA fence agent now supports SSH enabled RSA II
- the DRAC fence agent now works with the Integrated Dell
Remote Access Controller (iDRAC) on Dell PowerEdge M600
- fixed a memory leak in cman.
- qdisk now displays a warning if more than one label is
found with the same name.
- the DRAC5 fencing agent now shows proper usage
instructions for the '-D' option.
- cman no longer uses the wrong node name when
- the SCSI fence agent now verifies that sg_persist is
- the DRAC5 fencing agent now properly handles modulename.
- QDisk now logs warning messages if it appears its I/O to
shared storage is hung.
- fence_apc no longer fails with a pexpect exception.
- removing a node from the cluster using 'cman_tool leave
remove' now properly reduces the expected_votes and
- a semaphore leak in cman has been fixed.
- 'cman_tool nodes -F name' no longer segfaults when a
node is out of membership.
- support for: ePowerSwitch 8+ and LPAR/HMC v3 devices,
Cisco MDS 9124 and MDS 9134 SAN switches, the virsh
fencing agent, and broadcast communication with cman.
- fence_scsi limitations added to fence_scsi man page.
NOTE: openais and pexpect updates are required.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.9