Scientific Linux Security Update : fence on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

Insecure temporary file use flaws were found in fence_egenera,
fence_apc, and fence_apc_snmp. A local attacker could use these flaws
to overwrite an arbitrary file writable by the victim running those
utilities via a symbolic link attack. (CVE-2008-4192, CVE-2008-4579)

This update also fixes the following bugs :

- fence_apc_snmp now waits for five seconds after fencing
to properly get status. (BZ#494587)

- The fence_drac5 help output now shows the proper
commands. (BZ#498870)

- now verifies that sg_persist is in
the path before running. (BZ#500172)

- fence_drac5 is now more consistent with other agents and
uses module_name instead of modulename. (BZ#500546)

- fence_apc and fence_wti no longer fail with a pexpect
exception. (BZ#501890, BZ#504589)

- fence_wti no longer issues a traceback when an option is
missing. (BZ#508258)

- fence_sanbox2 is now able to properly obtain the status
after fencing. (BZ#510279)

- Fencing no longer fails if fence_wti is used without
telnet. (BZ#510335)

- fence_scsi get_scsi_devices no longer hangs with various
devices. (BZ#545193)

- fence_ilo no longer fails to reboot with ilo2 firmware
1.70. (BZ#545682)

- Fixed an issue with fence_ilo not rebooting in some
implementations. (BZ#576036)

- fence_ilo no longer throws exceptions if the user does
not have power privileges. (BZ#576178)

As well, this update adds the following enhancements :

- Support has been added for SSH-enabled RSA II fence
devices. (BZ#476161)

- The APC fence agent will now work with a non-root
account. (BZ#491643)

Solution :

Update the affected fence package.

Risk factor :

Medium / CVSS Base Score : 6.9

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60958

CVE ID: CVE-2008-4192