8 results (0.009 seconds)

CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 1

CVE-2013-2561 – ibutils: insecure handling of files in the /tmp directory

https://notcve.org/view.php?id=CVE-2013-2561

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/. OpenFabrics ibutils 1.5.7 permite a usuarios locales sobreescribir archivos arbitrarios a través de ataques symlink en (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet. lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl o (10) ibdiagnet.sm en / tmp /. • http://rhn.redhat.com/errata/RHSA-2013-1661.html http://seclists.org/fulldisclosure/2013/Mar/87 http://www.openwall.com/lists/oss-security/2013/03/19/8 http://www.openwall.com/lists/oss-security/2013/03/26/1 http://www.openwall.com/lists/oss-security/2013/03/26/11 http://www.openwall.com/lists/oss-security/2013/03/26/4 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/58335 https://bugzilla.redhat • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2012-4518 – ibacm: ibacm service files created with world writable permissions (DoS)

https://notcve.org/view.php?id=CVE-2012-4518

ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. ibacm v1.0.7 crea archivos con permisos de escritura globales, lo que permite a usuarios locales sobrescribir el registro del demonio ib_acm o el archivo ibacm.port. • http://git.openfabrics.org/git?p=~shefty/ibacm.git%3Ba=commit%3Bh=d204fca2b6298d7799e918141ea8e11e7ad43cec http://rhn.redhat.com/errata/RHSA-2013-0509.html http://www.openwall.com/lists/oss-security/2012/10/11/6 http://www.openwall.com/lists/oss-security/2012/10/11/9 http://www.securityfocus.com/bid/55890 https://access.redhat.com/security/cve/CVE-2012-4518 https://bugzilla.redhat.com/show_bug.cgi?id=865499 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2012-4516 – librdmacm: Tried to connect to port 6125 if ibacm.port was not found

https://notcve.org/view.php?id=CVE-2012-4516

librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service. librdmacm v1.0.16, cuando no se especifica ibacm.port, conecta con el puerto 6125, lo que permite a atacantes remotos a especificar la información de resolución de dirección para la aplicación mediante un servicio ib_acm. • http://git.openfabrics.org/git?p=~shefty/librdmacm.git%3Ba=commitdiff%3Bh=4b5c1aa734e0e734fc2ba3cd41d0ddf02170af6d http://www.openwall.com/lists/oss-security/2012/10/11/6 http://www.openwall.com/lists/oss-security/2012/10/11/9 http://www.securityfocus.com/bid/55896 https://bugzilla.redhat.com/show_bug.cgi?id=865483 https://access.redhat.com/security/cve/CVE-2012-4516 •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

CVE-2012-4517 – ibacm: DoS (ibacm deamon crash) by joining responses for multicast destinations

https://notcve.org/view.php?id=CVE-2012-4517

ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response. ibacm antes de v1.0.6 no gestiona adecuadamente recuentos de referencia para las conexiones de multidifusión, lo que permite a atacantes remotos provocar una denegación de servicio (caída del servicio ibacm) a través de una respuesta join manipulada. • http://comments.gmane.org/gmane.linux.drivers.rdma/11659 http://git.openfabrics.org/git?p=~shefty/ibacm.git%3Ba=commit%3Bh=c7d28b35d64333c262de3ec972c426423dadccf9 http://rhn.redhat.com/errata/RHSA-2013-0509.html http://www.openwall.com/lists/oss-security/2012/10/11/6 http://www.openwall.com/lists/oss-security/2012/10/11/9 http://www.securityfocus.com/bid/55890 https://bugzilla.redhat.com/show_bug.cgi?id=865492 https://exchange.xforce.ibmcloud.com/vulnerabilities/79396 https:/&# • CWE-399: Resource Management Errors •

CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2008-3277 – ibutils: insecure relative RPATH

https://notcve.org/view.php?id=CVE-2008-3277

Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header. Vulnerabilidad de búsqueda de ruta no confiable en cierto build script de Red Hat para el ejecutable ibmssh en paquetes ibutils anterior a ibutils-1.5.7-2.el6 en Red Hat Enterprise Linux (RHEL) 6 y ibutils-1.2-11.2.el5 en Red Hat Enterprise Linux (RHEL) 5 permite a usuarios locales ganar privilegios a través de un programa caballo de troya en refix/lib/, relacionado con una configuración RPATH incorrecta en la cabecera ELF. • http://rhn.redhat.com/errata/RHSA-2012-0311.html https://bugzilla.redhat.com/show_bug.cgi?id=457935 https://access.redhat.com/security/cve/CVE-2008-3277 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •