{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cman-clusterconf-dos(49832)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"name": "USN-875-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cman-clusterconf-dos(49832)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"name": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=67fee9128e54c6c3fc3eae306b5b501f3029c3be", "refsource": "CONFIRM", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"name": "USN-875-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=468966", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"name": "FEDORA-2008-9458", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:34:47.082Z"}, "title": "CVE Program Container", "references": [{"name": "cman-clusterconf-dos(49832)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"name": "USN-875-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"name": "FEDORA-2008-9458", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6560", "datePublished": "2009-03-31T10:00:00", "dateReserved": "2009-03-30T00:00:00", "dateUpdated": "2024-08-07T11:34:47.082Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cman:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5280A55-F6CF-4D35-B9D4-A76321EC591A", "versionEndIncluding": "2.03.08-1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.03-1:*:*:*:*:*:*:*", "matchCriteriaId": "F12B9C5F-29A5-4B40-89E2-CD32477C087F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.04-1:*:*:*:*:*:*:*", "matchCriteriaId": "06ABB244-870D-4D5F-81FA-0D8D133A1B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.05-1:*:*:*:*:*:*:*", "matchCriteriaId": "C31DAF4D-B7BB-43CE-87EC-33062475AF0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cman:2.03.07-1:*:*:*:*:*:*:*", "matchCriteriaId": "25AD771F-0B14-4EC9-A425-3E49BE177402", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "D32A30CD-EA21-4AA6-868F-3448AA50B70D", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:linux:5.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "A00F5B01-0C61-48A6-BE78-1981CA6C09FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en CMAN - The Cluster Manager versiones anteriores a v2.03.09-1 en Fedora 9 y Red Hat Enterprise Linux (RHEL) 5 permite a atacantes provocar una denegaci\u00f3n de servicio (consumo de CPU y consumo de memoria) a trav\u00e9s de un fichero cluster.conf con muchas l\u00edneas. \r\nNOTA: no est\u00e1 claro si este problema cruza fronteras de privilegios en usuarios reales del producto."}], "id": "CVE-2008-6560", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-31T14:09:53.390", "references": [{"source": "cve@mitre.org", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.fedorahosted.org/git/cluster.git?p=cluster.git%3Ba=commitdiff%3Bh=67fee9128e54c6c3fc3eae306b5b501f3029c3be"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-875-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=468966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49832"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider this to be a security issue. The misbehaviour of CMAN is triggered by corrupted / specially crafted cluster.conf configuration file. Ability to edit this file is restricted to system administrator, therefore no privilege boundary is crossed.", "lastModified": "2009-08-04T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}