Detections
Analytics

RHEL 5 : gfs2-utils (RHSA-2009:1337)

medium Nessus Plugin ID 40839

Synopsis

The remote Red Hat host is missing a security update for gfs2-utils.

Description

The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2009:1337 advisory.

 The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems.

 Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack.
 (CVE-2008-6552)

 This update also fixes the following bugs:

 * gfs2_fsck now properly detects and repairs problems with sequence numbers on GFS2 file systems.

 * GFS2 user utilities now use the file system UUID.

 * gfs2_grow now properly updates the file system size during operation.

 * gfs2_fsck now returns the proper exit codes.

 * gfs2_convert now properly frees blocks when removing free blocks up to height 2.

 * the gfs2_fsck manual page has been renamed to fsck.gfs2 to match current standards.

 * the 'gfs2_tool df' command now provides human-readable output.

 * mounting GFS2 file systems with the noatime or noquota option now works properly.

 * new capabilities have been added to the gfs2_edit tool to help in testing and debugging GFS and GFS2 issues.

 * the 'gfs2_tool df' command no longer segfaults on file systems with a block size other than 4k.

 * the gfs2_grow manual page no longer references the '-r' option, which has been removed.

 * the 'gfs2_tool unfreeze' command no longer hangs during use.

 * gfs2_convert no longer corrupts file systems when converting from GFS to GFS2.

 * gfs2_fsck no longer segfaults when encountering a block which is listed as both a data and stuffed directory inode.

 * gfs2_fsck can now fix file systems even if the journal is already locked for use.

 * a GFS2 file system's metadata is now properly copied with 'gfs2_edit savemeta' and 'gfs2_edit restoremeta'.

 * the gfs2_edit savemeta function now properly saves blocks of type 2.

 * 'gfs2_convert -vy' now works properly on the PowerPC architecture.

 * when mounting a GFS2 file system as '/', mount_gfs2 no longer fails after being unable to find the file system in '/proc/mounts'.

 * gfs2_fsck no longer segfaults when fixing 'EA leaf block type' problems.

 All gfs2-utils users should upgrade to this updated package, which resolves these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL gfs2-utils package based on the guidance in RHSA-2009:1337.

See Also

http://www.nessus.org/u?322f23e2

https://access.redhat.com/security/updates/classification/#low

https://bugzilla.redhat.com/show_bug.cgi?id=242701

https://bugzilla.redhat.com/show_bug.cgi?id=469773

https://bugzilla.redhat.com/show_bug.cgi?id=474705

https://bugzilla.redhat.com/show_bug.cgi?id=474707

https://bugzilla.redhat.com/show_bug.cgi?id=477072

https://bugzilla.redhat.com/show_bug.cgi?id=481762

https://bugzilla.redhat.com/show_bug.cgi?id=483799

https://bugzilla.redhat.com/show_bug.cgi?id=485761

https://bugzilla.redhat.com/show_bug.cgi?id=486034

https://bugzilla.redhat.com/show_bug.cgi?id=487608

https://bugzilla.redhat.com/show_bug.cgi?id=498646

https://bugzilla.redhat.com/show_bug.cgi?id=501732

https://bugzilla.redhat.com/show_bug.cgi?id=502056

https://bugzilla.redhat.com/show_bug.cgi?id=506629

https://bugzilla.redhat.com/show_bug.cgi?id=510758

https://bugzilla.redhat.com/show_bug.cgi?id=519436

https://access.redhat.com/errata/RHSA-2009:1337

Plugin Details

Severity: Medium

ID: 40839

File Name: redhat-RHSA-2009-1337.nasl

Version: 1.25

Type: local

Agent: unix

Published: 9/2/2009

Updated: 3/20/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2008-6552

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:5, p-cpe:/a:redhat:enterprise_linux:gfs2-utils

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/2/2009

Vulnerability Publication Date: 3/30/2009

Reference Information

CVE: CVE-2008-6552

BID: 32179

CWE: 377

RHSA: 2009:1337