Oracle Linux 5 : rgmanager (ELSA-2011-1000)

Severity: High, Nessus Plugin ID: 181107

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2011-1000 advisory.

[2.0.52-21]
- rgmanager: Fix bad passing of SFL_FAILURE up (fix_bad_passing_of_sfl_failure_up.patch) Resolves: rhbz#711521

[2.0.52-20]
- resource-agents: Improve LD_LIBRARY_PATH handling by SAP* (resource_agents_improve_ld_library_path_handling_by_sap*.patch) Resolves: rhbz#710637

[2.0.52-19]
- Fix changelog format
- rgmanager: Fix reference count handling (fix_reference_count_handling.patch) Resolves: rhbz#692771

[2.0.52-18]
- resource-agents: postgres-8 resource agent does not detect a failed start of postgres server (postgres-8-Fix_pid_files.patch) Resolves: rhbz#663827

[2.0.52-16]
- rgmanager: Allow non-root clustat (allow_non_root_clustat.patch) Resolves: rhbz#510300
- rgmanager: Initial commit of central proc + migration support (central_proc_+_migration_support.patch) Resolves: rhbz#525271
- rgmanager: Make clufindhostname -i predictable (make_clufindhostname_i_predictable.patch) Resolves: rhbz#592613
- resource-agents: Trim trailing slash for nfs clients (trim_trailing_slash_for_nfs_clients.patch) Resolves: rhbz#592624
- rgmanager: Update last_owner on failover (update_last_owner_on_failover.patch) Resolves: rhbz#610483
- rgmanager: Pause during exit if we stopped services (pause_during_exit_if_we_stopped_services.patch) Resolves: rhbz#619468
- rgmanager: Fix quotaoff handling (fix_quotaoff_handling.patch) Resolves: rhbz#637678
- resource-agents: Try force-unmount before fuser for netfs.sh (try_force_unmount_before_fuser_for_netfs_sh.patch) Resolves: rhbz#678494
- rgmanager: Improve rgmanager's exclusive prioritization handling (improve_rgmanager_s_exclusive_prioritization_handling.patch) Resolves: rhbz#680256

[2.0.52-15]
- resource-agents: postgres-8 resource agent does not detect a failed start of postgres server (postgres-8-Do-not-send-TERM-signal-when-killing-post.patch) (postgres-8-Improve-testing-if-postgres-started-succe.patch) Resolves: rhbz#663827

[2.0.52-14]
- resource-agents: Fix problems when generating XML configuration file (rgmanager-Fix-problems-in-generated-XML-config-file.patch) Resolves: rhbz#637802

[2.0.52-13]
- resource-agents: Use literal quotes for tr calls (resource_agents_use_literal_quotes_for_tr_calls.patch) Resolves: rhbz#637154

[2.0.52-12]
- resource-agents: Use shutdown immediate in oracledb.sh (use_shutdown_immediate_in_oracledb_sh.patch) Resolves: rhbz#633992
- rgmanager: Add path to rhev-check.sh (add_path_to_rhev_check_sh.patch) Resolves: rhbz#634225
- rgmanager: Make clustat report correct version (make_clustat_report_correct_version.patch) Resolves: rhbz#654160

[2.0.52-11]
- resource-agents: Listen line in generated httpd.conf incorrect (resource-agents-Remove-netmask-from-IP-address-when.patch) Resolves: rhbz#675739
- resource-agents: Disable updates to static routes by RHCS IP tooling (resource-agents-Add-option-disable_rdisc-to-ip.sh.patch) Resolves: rhbz#620700

[2.0.52-10.1]
- rgmanager: Fix nofailback when service is in 'starting' state (fix_nofailback_when_service_is_in_starting_state.patch) Resolves: rhbz#669440

[2.0.52-10]
- resource-agents: Problem with whitespace in mysql resource name (resource_agents_fix_whitespace_in_names.patch) Resolves: rhbz#632704

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected rgmanager package.

See Also

https://linux.oracle.com/errata/ELSA-2011-1000.html

Plugin Details

Severity: High

ID: 181107

File Name: oraclelinux_ELSA-2011-1000.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2010-3389

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:5, p-cpe:/a:oracle:linux:rgmanager

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/31/2011

Vulnerability Publication Date: 9/30/2010

Reference Information

CVE: CVE-2010-3389