Lucene search

[email protected]CVE-2013-2561

HistoryNov 23, 2013 - 6:55 p.m.

CVE-2013-2561

2013-11-2318:55:04

CWE-59

[email protected]

web.nvd.nist.gov

cve-2013-2561

openfabrics

ibutils

symlink attack

local file overwrite

security vulnerability

6.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch6.0

Node

openfabricsibutilsMatch1.5.7

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq6.0

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	6.0

References

rhn.redhat.com/errata/RHSA-2013-1661.html

seclists.org/fulldisclosure/2013/Mar/87

www.openwall.com/lists/oss-security/2013/03/19/8

www.openwall.com/lists/oss-security/2013/03/26/1

www.openwall.com/lists/oss-security/2013/03/26/11

www.openwall.com/lists/oss-security/2013/03/26/4

www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

www.securityfocus.com/bid/58335

bugzilla.redhat.com/show_bug.cgi?id=927430

6.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-2561

debiancve1 cvelist1 veracode1 nessus8 nvd2 ubuntucve1 prion2 openvas4 centos1 amazon1 redhat1 cve1 oraclelinux1