CVE-2008-4580
cman - Arbitrary File Modification via Symlink Attack on Temporary File
Title source: llmDescription
fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/16/1
Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=240576
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45953
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-875-1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/13/3
Scores
EPSS
0.0003
EPSS Percentile
7.3%
Details
CWE
CWE-59
Status
published
Products (2)
gentoo/cman
2.02.00 r1
gentoo/fence
2.02.00 r1
Published
Oct 15, 2008
Tracked Since
Feb 18, 2026