Security
Security
fence contains multiple programs containing vulnerabilities that may allow local users to overwrite arbitrary files via a symlink attack.
| Package | sys-cluster/fence on all architectures |
|---|---|
| Affected versions | < 2.03.09 |
| Unaffected versions |
fence is an I/O group fencing system.
The fence_apc, fence_apc_snmp (CVE-2008-4579) and fence_manual (CVE-2008-4580) programs contain symlink vulnerabilities.
These vulnerabilities may allow arbitrary files to be overwritten with root privileges.
There is no known workaround at this time.
Gentoo discontinued support for fence. All fence users should uninstall and choose another software that provides the same functionality.
# emerge --unmerge sys-cluster/fence
Release date
September 29, 2010
Latest revision
September 29, 2010: 01
Severity
normal
Exploitable
local
Bugzilla entries