diff --git a/2008/4xxx/CVE-2008-4579.json b/2008/4xxx/CVE-2008-4579.json index 12799fc8ea0..ec896fb199a 100644 --- a/2008/4xxx/CVE-2008-4579.json +++ b/2008/4xxx/CVE-2008-4579.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-4579", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file." + "value": "CVE-2008-4579 cman/fence: insecure temporary file usage in the apc fence agents" } ] }, @@ -44,83 +21,159 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Insecure Temporary File", + "cweId": "CWE-377" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "CLuster Suite for RHEL 4", + "version": { + "version_data": [ + { + "version_value": "0:1.32.68-5.el4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:2.0.115-1.el5", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://bugs.gentoo.org/show_bug.cgi?id=240576", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=240576", "refsource": "MISC", - "url": "http://bugs.gentoo.org/show_bug.cgi?id=240576" + "name": "http://bugs.gentoo.org/show_bug.cgi?id=240576" }, { - "name": "RHSA-2009:1341", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2009-1341.html" + "url": "http://www.openwall.com/lists/oss-security/2008/10/13/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2008/10/13/3" }, { - "name": "32390", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/32390" + "url": "http://www.ubuntu.com/usn/USN-875-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-875-1" }, { - "name": "32387", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/32387" + "url": "http://secunia.com/advisories/32387", + "refsource": "MISC", + "name": "http://secunia.com/advisories/32387" }, { - "name": "oval:org.mitre.oval:def:10799", - "refsource": "OVAL", - "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799" + "url": "http://secunia.com/advisories/32390", + "refsource": "MISC", + "name": "http://secunia.com/advisories/32390" }, { - "name": "ADV-2011-0419", - "refsource": "VUPEN", - "url": "http://www.vupen.com/english/advisories/2011/0419" + "url": "http://secunia.com/advisories/36530", + "refsource": "MISC", + "name": "http://secunia.com/advisories/36530" }, { - "name": "USN-875-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-875-1" + "url": "http://secunia.com/advisories/43362", + "refsource": "MISC", + "name": "http://secunia.com/advisories/43362" }, { - "name": "31904", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/31904" + "url": "http://www.redhat.com/support/errata/RHSA-2009-1341.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2009-1341.html" }, { - "name": "[oss-security] 20081013 Re: CVE Request", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2008/10/13/3" + "url": "http://www.redhat.com/support/errata/RHSA-2011-0266.html", + "refsource": "MISC", + "name": "http://www.redhat.com/support/errata/RHSA-2011-0266.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=467386", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467386" + "url": "http://www.securityfocus.com/bid/31904", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/31904" }, { - "name": "36530", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/36530" + "url": "http://www.vupen.com/english/advisories/2011/0419", + "refsource": "MISC", + "name": "http://www.vupen.com/english/advisories/2011/0419" }, { - "name": "FEDORA-2008-9042", - "refsource": "FEDORA", - "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html" + "url": "https://access.redhat.com/errata/RHSA-2009:1341", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2009:1341" }, { - "name": "43362", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/43362" + "url": "https://access.redhat.com/errata/RHSA-2011:0266", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2011:0266" }, { - "name": "RHSA-2011:0266", - "refsource": "REDHAT", - "url": "http://www.redhat.com/support/errata/RHSA-2011-0266.html" + "url": "https://access.redhat.com/security/cve/CVE-2008-4579", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2008-4579" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=467386", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=467386" + }, + { + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799", + "refsource": "MISC", + "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799" + }, + { + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html", + "refsource": "MISC", + "name": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "LOCAL", + "authentication": "SINGLE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 1.5, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:M/Au:S/C:N/I:P/A:N", + "version": "2.0" } ] }