Scientific Linux Security Update : fence on SL4.x i386/x86_64

medium Nessus Plugin ID 60958

Synopsis

The remote Scientific Linux host is missing a security update.

Description

Insecure temporary file use flaws were found in fence_egenera, fence_apc, and fence_apc_snmp. A local attacker could use these flaws to overwrite an arbitrary file writable by the victim running those utilities via a symbolic link attack. (CVE-2008-4192, CVE-2008-4579)

This update also fixes the following bugs :

- fence_apc_snmp now waits for five seconds after fencing to properly get status. (BZ#494587)

- The fence_drac5 help output now shows the proper commands. (BZ#498870)

- fence_scsi_test.pl now verifies that sg_persist is in the path before running. (BZ#500172)

- fence_drac5 is now more consistent with other agents and uses module_name instead of modulename. (BZ#500546)

- fence_apc and fence_wti no longer fail with a pexpect exception. (BZ#501890, BZ#504589)

- fence_wti no longer issues a traceback when an option is missing. (BZ#508258)

- fence_sanbox2 is now able to properly obtain the status after fencing. (BZ#510279)

- Fencing no longer fails if fence_wti is used without telnet. (BZ#510335)

- fence_scsi get_scsi_devices no longer hangs with various devices. (BZ#545193)

- fence_ilo no longer fails to reboot with ilo2 firmware 1.70. (BZ#545682)

- Fixed an issue with fence_ilo not rebooting in some implementations. (BZ#576036)

- fence_ilo no longer throws exceptions if the user does not have power privileges. (BZ#576178)

As well, this update adds the following enhancements :

- Support has been added for SSH-enabled RSA II fence devices. (BZ#476161)

- The APC fence agent will now work with a non-root account. (BZ#491643)

Solution

Update the affected fence package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=476161

https://bugzilla.redhat.com/show_bug.cgi?id=491643

https://bugzilla.redhat.com/show_bug.cgi?id=494587

https://bugzilla.redhat.com/show_bug.cgi?id=498870

https://bugzilla.redhat.com/show_bug.cgi?id=500172

https://bugzilla.redhat.com/show_bug.cgi?id=500546

https://bugzilla.redhat.com/show_bug.cgi?id=501890

https://bugzilla.redhat.com/show_bug.cgi?id=504589

https://bugzilla.redhat.com/show_bug.cgi?id=508258

https://bugzilla.redhat.com/show_bug.cgi?id=510279

https://bugzilla.redhat.com/show_bug.cgi?id=510335

https://bugzilla.redhat.com/show_bug.cgi?id=545193

https://bugzilla.redhat.com/show_bug.cgi?id=545682

https://bugzilla.redhat.com/show_bug.cgi?id=576036

https://bugzilla.redhat.com/show_bug.cgi?id=576178

http://www.nessus.org/u?54fa48f6

Plugin Details

Severity: Medium

ID: 60958

File Name: sl_20110216_fence_on_SL4_x.nasl

Version: 1.5

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2/16/2011

Reference Information

CVE: CVE-2008-4192, CVE-2008-4579

CWE: 59