Scientific Linux Security Update : rgmanager on SL4.x i386/x86_64

medium Nessus Plugin ID 60961
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Scientific Linux host is missing a security update.

Description

Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552)

It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially crafted dynamic library. (CVE-2010-3389)

This update also fixes the following bugs :

- Previously, starting threads could incorrectly include a reference to an exited thread if that thread exited when rgmanager received a request to start a new thread. Due to this issue, the new thread did not retry and entered an infinite loop. This update ensures that new threads do not reference old threads. Now, new threads no longer enter an infinite loop in which the rgmanager enables and disables services without failing gracefully.
(BZ#502872)

- Previously, nfsclient.sh left temporary nfsclient-status-cache-$$ files in /tmp/. (BZ#506152)

- Previously, the function local_node_name in /resources/utils/member_util.sh did not correctly check whether magma_tool failed. Due to this issue, empty strings could be returned. This update checks the input and rejects empty strings. (BZ#516758)

- Previously, the file system agent could kill a process when an application used a mount point with a similar name to a mount point managed by rgmanager using force_unmount. With this update, the file system agent kills only the processes that access the mount point managed by rgmanager. (BZ#555901)

- Previously, simultaneous execution of 'lvchange
--deltag' from /etc/init.d/rgmanager caused a checksum error on High Availability Logical Volume Manager (HA-LVM). With this update, ownership of LVM tags is checked before removing them. (BZ#559582)

- Previously, the isAlive check could fail if two nodes used the same file name. With this update, the isAlive function prevents two nodes from using the same file name. (BZ#469815)

- Previously, the S/Lang code could lead to unwanted S/Lang stack leaks during event processing. (BZ#507430)

Solution

Update the affected rgmanager package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=469815

https://bugzilla.redhat.com/show_bug.cgi?id=502872

https://bugzilla.redhat.com/show_bug.cgi?id=506152

https://bugzilla.redhat.com/show_bug.cgi?id=507430

https://bugzilla.redhat.com/show_bug.cgi?id=516758

https://bugzilla.redhat.com/show_bug.cgi?id=555901

https://bugzilla.redhat.com/show_bug.cgi?id=559582

http://www.nessus.org/u?3312c7c6

Plugin Details

Severity: Medium

ID: 60961

File Name: sl_20110216_rgmanager_on_SL4_x.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2/16/2011

Reference Information

CVE: CVE-2008-6552, CVE-2010-3389

CWE: 59