fence contains multiple programs containing vulnerabilities that may allow local users to overwrite arbitrary files via a symlink attack.
|Package||sys-cluster/fence on all architectures|
|Affected versions||< 2.03.09|
fence is an I/O group fencing system.
The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual (CVE-2008-4580) programs contain symlink vulnerabilities.
These vulnerabilities may allow arbitrary files to be overwritten with root privileges.
There is no known workaround at this time.
Gentoo discontinued support for fence. All fence users should uninstall and choose another software that provides the same functionality.
# emerge --unmerge sys-cluster/fence
September 29, 2010
September 29, 2010: 01