NVD Vulnerability Details: CVE-2008-6560
Modified
Source: cve@mitre.org
Published At: 31 Mar, 2009 | 14:09
Updated At: 07 Nov, 2023 | 02:03

Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.

CISA Catalog
Date Added | Due Date | Vulnerability Name | Required Action
N/A
Metrics
Type | Version | Base score | Base severity | Vector
Primary | 2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches

Red Hat, Inc. (redhat) | cman | Versions up to 2.03.08-1 (inclusive) | cpe:2.3:a:redhat:cman:*:*:*:*:*:*:*:*
Red Hat, Inc. (redhat) | cman | 2.03.03-1 | cpe:2.3:a:redhat:cman:2.03.03-1:*:*:*:*:*:*:*
Red Hat, Inc. (redhat) | cman | 2.03.04-1 | cpe:2.3:a:redhat:cman:2.03.04-1:*:*:*:*:*:*:*
Red Hat, Inc. (redhat) | cman | 2.03.05-1 | cpe:2.3:a:redhat:cman:2.03.05-1:*:*:*:*:*:*:*
Red Hat, Inc. (redhat) | cman | 2.03.07-1 | cpe:2.3:a:redhat:cman:2.03.07-1:*:*:*:*:*:*:*
Red Hat, Inc. (redhat) | fedora | 9 | cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*
Red Hat, Inc. (redhat) | linux | 5.0 | cpe:2.3:o:redhat:linux:5.0:*:enterprise:*:*:*:*:*
Weaknesses
CWE ID | Type | Source
CWE-119 | Primary | nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization : Red Hat
Last Modified : 2009-08-04T00:00:00

Red Hat does not consider this to be a security issue. The misbehaviour of CMAN is triggered by a corrupted / specially crafted cluster.conf configuration file. The ability to edit this file is restricted to the system administrator; therefore no privilege boundary is crossed.

References
Hyperlink | Source | Resource
http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be | cve@mitre.org | N/A
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html | cve@mitre.org | N/A
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html | cve@mitre.org | N/A
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html | cve@mitre.org | Vendor Advisory
http://www.ubuntu.com/usn/USN-875-1 | cve@mitre.org | N/A
https://bugzilla.redhat.com/show_bug.cgi?id=468966 | cve@mitre.org | Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49832 | cve@mitre.org | N/A