Rapid7 Vulnerability & Exploit Database

RHSA-2011:1000: rgmanager security, bug fix, and enhancement update


Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/20/2010
Created: 07/25/2018
Added: 07/29/2011
Modified: 07/04/2017

Description

The rgmanager package contains the Red Hat Resource Group Manager, which provides the ability to create and manage high-availability server applications in the event of system downtime.

It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library. (CVE-2010-3389)

Red Hat would like to thank Raphael Geissert for reporting this issue.

This update also fixes the following bugs:

As well, this update adds the following enhancements:

All users of Red Hat Resource Group Manager are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.
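The following is an added example, not code from the advisory or from rgmanager: a shell check for the empty-path-element condition described above, next to an append idiom that avoids it. The function names and the /opt/lib path are hypothetical, and the "unsafe" idiom is an assumed common way such values arise, not the actual rgmanager script code.

```shell
#!/bin/sh
# Added example; function names and sample paths are constructed for illustration.

# Succeeds (returns 0) when a colon-separated search path contains an empty
# element: a leading colon, a trailing colon, or "::". Per ld.so(8), a
# zero-length directory name means the current working directory.
has_empty_element() {
    case "$1" in
        "")          return 1 ;;  # empty value: no elements to inspect
        :*|*:|*::*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# Assumed risky idiom: if the inherited value ($1) is empty, the result
# ends in ":" and therefore carries an empty element.
unsafe_append() {
    printf '%s\n' "$2:$1"
}

# Safer idiom: emit the separator only when there is an existing value.
safe_append() {
    printf '%s\n' "$2${1:+:$1}"
}

# Remove empty elements from a value inherited from the environment.
strip_empty() {
    printf '%s\n' "$1" | sed -e 's/::*/:/g' -e 's/^://' -e 's/:$//'
}

# Demonstration on constructed values.
for inherited in "" "/usr/lib64"; do
    for fn in unsafe_append safe_append; do
        value=$($fn "$inherited" /opt/lib)
        if has_empty_element "$value"; then verdict="EMPTY ELEMENT"; else verdict="ok"; fi
        printf '%-14s inherited=%-12s -> %-22s %s\n' "$fn" "'$inherited'" "'$value'" "$verdict"
    done
done
```

The same `has_empty_element` test can be run against `PATH` or any other colon-separated search variable set by a script that executes with elevated privileges.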

Solution(s)

  • redhat-upgrade-rgmanager
