CVE-2013-2561 – ibutils: insecure handling of files in the /tmp directory
https://notcve.org/view.php?id=CVE-2013-2561
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
• http://rhn.redhat.com/errata/RHSA-2013-1661.html
• http://seclists.org/fulldisclosure/2013/Mar/87
• http://www.openwall.com/lists/oss-security/2013/03/19/8
• http://www.openwall.com/lists/oss-security/2013/03/26/1
• http://www.openwall.com/lists/oss-security/2013/03/26/11
• http://www.openwall.com/lists/oss-security/2013/03/26/4
• http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
• http://www.securityfocus.com/bid/58335
• https://bugzilla.redhat
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2008-3277 – ibutils: insecure relative RPATH
https://notcve.org/view.php?id=CVE-2008-3277
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.
• http://rhn.redhat.com/errata/RHSA-2012-0311.html
• https://bugzilla.redhat.com/show_bug.cgi?id=457935
• https://access.redhat.com/security/cve/CVE-2008-3277
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')