CVE-2008-6560 - OpenCVE

Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Linux Cman Fedora

Configuration 1 [-]

AND

OR	cpe:2.3:a:redhat:cman::::::::
	cpe:2.3:a:redhat:cman:2.03.03-1:::::::*
	cpe:2.3:a:redhat:cman:2.03.04-1:::::::*
	cpe:2.3:a:redhat:cman:2.03.05-1:::::::*
	cpe:2.3:a:redhat:cman:2.03.07-1:::::::*

OR	cpe:2.3:o:redhat:fedora:9:::::::*
	cpe:2.3:o:redhat:linux:5.0::enterprise:::::

References

Link	Resource
http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html	Vendor Advisory
http://www.ubuntu.com/usn/USN-875-1
https://bugzilla.redhat.com/show_bug.cgi?id=468966	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49832

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-31T10:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-03-30T00:00:00

Link: CVE-2008-6560

JSON object: View

NVD Information

Status : Modified

Published: 2009-03-31T14:09:53.390

Modified: 2023-11-07T02:03:23.407

Link: CVE-2008-6560

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cman-clusterconf-dos(49832)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"name": "USN-875-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cman-clusterconf-dos(49832)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"name": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=67fee9128e54c6c3fc3eae306b5b501f3029c3be", "refsource": "CONFIRM", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"name": "USN-875-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=468966", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6560", "datePublished": "2009-03-31T10:00:00", "dateReserved": "2009-03-30T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cman:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5280A55-F6CF-4D35-B9D4-A76321EC591A", "versionEndIncluding": "2.03.08-1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.03-1:*:*:*:*:*:*:*", "matchCriteriaId": "F12B9C5F-29A5-4B40-89E2-CD32477C087F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.04-1:*:*:*:*:*:*:*", "matchCriteriaId": "06ABB244-870D-4D5F-81FA-0D8D133A1B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.05-1:*:*:*:*:*:*:*", "matchCriteriaId": "C31DAF4D-B7BB-43CE-87EC-33062475AF0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.07-1:*:*:*:*:*:*:*", "matchCriteriaId": "25AD771F-0B14-4EC9-A425-3E49BE177402", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "D32A30CD-EA21-4AA6-868F-3448AA50B70D", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:linux:5.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "A00F5B01-0C61-48A6-BE78-1981CA6C09FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en CMAN - The Cluster Manager versiones anteriores a v2.03.09-1 en Fedora 9 y Red Hat Enterprise Linux (RHEL) 5 permite a atacantes provocar una denegaci\u00f3n de servicio (consumo de CPU y consumo de memoria) a trav\u00e9s de un fichero cluster.conf con muchas l\u00edneas. \r\nNOTA: no est\u00e1 claro si este problema cruza fronteras de privilegios en usuarios reales del producto."}], "id": "CVE-2008-6560", "lastModified": "2023-11-07T02:03:23.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-31T14:09:53.390", "references": [{"source": "cve@mitre.org", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider this to be a security issue. The misbehaviour of CMAN is triggered by corrupted / specially crafted cluster.conf configuration file. Ability to edit this file is restricted to system administrator, therefore no privilege boundary is crossed.", "lastModified": "2009-08-04T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}