This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
Multiple insecure temporary file use flaws were discovered in GFS2
user level utilities. A local attacker could use these flaws to
overwrite an arbitrary file writable by a victim running those
utilities (typically root) with the output of the utilities via a
symbolic link attack. (CVE-2008-6552)
This update also fixes the following bugs :
- gfs2_fsck now properly detects and repairs problems with
sequence numbers on GFS2 file systems.
- GFS2 user utilities now use the file system UUID.
- gfs2_grow now properly updates the file system size
- gfs2_fsck now returns the proper exit codes.
- gfs2_convert now properly frees blocks when removing
free blocks up to height 2.
- the gfs2_fsck manual page has been renamed to fsck.gfs2
to match current standards.
- the 'gfs2_tool df' command now provides human-readable
- mounting GFS2 file systems with the noatime or noquota
option now works properly.
- new capabilities have been added to the gfs2_edit tool
to help in testing and debugging GFS and GFS2 issues.
- the 'gfs2_tool df' command no longer segfaults on file
systems with a block size other than 4k.
- the gfs2_grow manual page no longer references the '-r'
option, which has been removed.
- the 'gfs2_tool unfreeze' command no longer hangs during
- gfs2_convert no longer corrupts file systems when
converting from GFS to GFS2.
- gfs2_fsck no longer segfaults when encountering a block
which is listed as both a data and stuffed directory
- gfs2_fsck can now fix file systems even if the journal
is already locked for use.
- a GFS2 file system's metadata is now properly copied
with 'gfs2_edit savemeta' and 'gfs2_edit restoremeta'.
- the gfs2_edit savemeta function now properly saves
blocks of type 2.
- 'gfs2_convert -vy' now works properly on the PowerPC
- when mounting a GFS2 file system as '/', mount_gfs2 no
longer fails after being unable to find the file system
- gfs2_fsck no longer segfaults when fixing 'EA leaf block
See also :
Update the affected gfs2-utils package.
Risk factor :
Medium / CVSS Base Score : 6.9
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60653 ()
CVE ID: CVE-2008-6552