CVE-2008-6560

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.

Desbordamiento de búfer en CMAN - The Cluster Manager versiones anteriores a v2.03.09-1 en Fedora 9 y Red Hat Enterprise Linux (RHEL) 5 permite a atacantes provocar una denegación de servicio (consumo de CPU y consumo de memoria) a través de un fichero cluster.conf con muchas líneas.
NOTA: no está claro si este problema cruza fronteras de privilegios en usuarios reales del producto.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-03-30 CVE Reserved
2009-03-31 CVE Published
2024-08-07 CVE Updated
2024-09-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (7)

URL	Tag	Source
http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/49832	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html	2023-11-07
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html	2023-11-07
http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html	2023-11-07
http://www.ubuntu.com/usn/USN-875-1	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=468966	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	<= 2.03.08-1 Search vendor "Redhat" for product "Cman" and version " <= 2.03.08-1"	-	Affected	in	Redhat Search vendor "Redhat"	Fedora Search vendor "Redhat" for product "Fedora"	9 Search vendor "Redhat" for product "Fedora" and version "9"	-	Safe
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	<= 2.03.08-1 Search vendor "Redhat" for product "Cman" and version " <= 2.03.08-1"	-	Affected	in	Redhat Search vendor "Redhat"	Linux Search vendor "Redhat" for product "Linux"	5.0 Search vendor "Redhat" for product "Linux" and version "5.0"	enterprise	Safe
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	2.03.03-1 Search vendor "Redhat" for product "Cman" and version "2.03.03-1"	-	Affected	in	Redhat Search vendor "Redhat"	Fedora Search vendor "Redhat" for product "Fedora"	9 Search vendor "Redhat" for product "Fedora" and version "9"	-	Safe
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	2.03.03-1 Search vendor "Redhat" for product "Cman" and version "2.03.03-1"	-	Affected	in	Redhat Search vendor "Redhat"	Linux Search vendor "Redhat" for product "Linux"	5.0 Search vendor "Redhat" for product "Linux" and version "5.0"	enterprise	Safe
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	2.03.04-1 Search vendor "Redhat" for product "Cman" and version "2.03.04-1"	-	Affected	in	Redhat Search vendor "Redhat"	Fedora Search vendor "Redhat" for product "Fedora"	9 Search vendor "Redhat" for product "Fedora" and version "9"	-	Safe
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	2.03.04-1 Search vendor "Redhat" for product "Cman" and version "2.03.04-1"	-	Affected	in	Redhat Search vendor "Redhat"	Linux Search vendor "Redhat" for product "Linux"	5.0 Search vendor "Redhat" for product "Linux" and version "5.0"	enterprise	Safe
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	2.03.05-1 Search vendor "Redhat" for product "Cman" and version "2.03.05-1"	-	Affected	in	Redhat Search vendor "Redhat"	Fedora Search vendor "Redhat" for product "Fedora"	9 Search vendor "Redhat" for product "Fedora" and version "9"	-	Safe
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	2.03.05-1 Search vendor "Redhat" for product "Cman" and version "2.03.05-1"	-	Affected	in	Redhat Search vendor "Redhat"	Linux Search vendor "Redhat" for product "Linux"	5.0 Search vendor "Redhat" for product "Linux" and version "5.0"	enterprise	Safe
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	2.03.07-1 Search vendor "Redhat" for product "Cman" and version "2.03.07-1"	-	Affected	in	Redhat Search vendor "Redhat"	Fedora Search vendor "Redhat" for product "Fedora"	9 Search vendor "Redhat" for product "Fedora" and version "9"	-	Safe
Redhat Search vendor "Redhat"	Cman Search vendor "Redhat" for product "Cman"	2.03.07-1 Search vendor "Redhat" for product "Cman" and version "2.03.07-1"	-	Affected	in	Redhat Search vendor "Redhat"	Linux Search vendor "Redhat" for product "Linux"	5.0 Search vendor "Redhat" for product "Linux" and version "5.0"	enterprise	Safe