Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2012 Greenbone Networks GmbHOPENVAS:870565
HistoryFeb 21, 2012 - 12:00 a.m.

RedHat Update for ibutils RHSA-2012:0311-03

2012-02-2100:00:00
Copyright (c) 2012 Greenbone Networks GmbH
plugins.openvas.org
7

0.0004 Low

EPSS

Percentile

10.0%

JSON

Check for the Version of ibutils

###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for ibutils RHSA-2012:0311-03
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The ibutils packages provide InfiniBand network and path diagnostics.

  It was found that the ibmssh executable had an insecure relative RPATH
  (runtime library search path) set in the ELF (Executable and Linking
  Format) header. A local user able to convince another user to run ibmssh in
  an attacker-controlled directory could run arbitrary code with the
  privileges of the victim. (CVE-2008-3277)

  This update also fixes the following bug:

  * Under certain circumstances, the "ibdiagnet -r" command could suffer from
  memory corruption and terminate with a "double free or corruption" message
  and a backtrace. With this update, the correct memory management function
  is used to prevent the corruption. (BZ#711779)

  All users of ibutils are advised to upgrade to these updated packages,
  which contain backported patches to correct these issues.";

tag_affected = "ibutils on Red Hat Enterprise Linux (v. 5 server)";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2012-February/msg00045.html");
  script_id(870565);
  script_version("$Revision: 8285 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $");
  script_tag(name:"creation_date", value:"2012-02-21 18:57:32 +0530 (Tue, 21 Feb 2012)");
  script_cve_id("CVE-2008-3277");
  script_tag(name:"cvss_base", value:"4.4");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_xref(name: "RHSA", value: "2012:0311-03");
  script_name("RedHat Update for ibutils RHSA-2012:0311-03");

  script_tag(name: "summary" , value: "Check for the Version of ibutils");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "RHENT_5")
{

  if ((res = isrpmvuln(pkg:"ibutils", rpm:"ibutils~1.2~11.2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"ibutils-debuginfo", rpm:"ibutils-debuginfo~1.2~11.2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"ibutils-devel", rpm:"ibutils-devel~1.2~11.2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"ibutils-libs", rpm:"ibutils-libs~1.2~11.2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

openvas 2
veracode 1
cve 1
debiancve 1
nessus 4
oraclelinux 1
prion 1
redhat 1
ubuntucve 1
cvelist 1
nvd 1
openvas
openvas
RedHat Update for ibutils RHSA-2012:0311-03
2012-02-21 00:00:00
Oracle: Security Advisory (ELSA-2012-0311)
2015-10-06 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:11:27
cve
cve
CVE-2008-3277
2014-04-15 23:55:06
debiancve
debiancve
CVE-2008-3277
2014-04-15 23:55:06
nessus
nessus
RHEL 4 : ibutils (Unpatched Vulnerability)
2024-06-03 00:00:00
Oracle Linux 5 : ibutils (ELSA-2012-0311)
2013-07-12 00:00:00
Scientific Linux Security Update : ibutils on SL5.x i386/x86_64 (20120221)
2012-08-01 00:00:00
oraclelinux
oraclelinux
ibutils security and bug fix update
2012-03-01 00:00:00
prion
prion
Design/Logic Flaw
2014-04-15 23:55:00
redhat
redhat
(RHSA-2012:0311) Low: ibutils security and bug fix update
2012-02-21 00:00:00
ubuntucve
ubuntucve
CVE-2008-3277
2014-04-15 00:00:00
cvelist
cvelist
CVE-2008-3277
2014-04-15 18:00:00
nvd
nvd
CVE-2008-3277
2014-04-15 23:55:06

0.0004 Low

EPSS

Percentile

10.0%

JSON
Related for OPENVAS:870565
openvas2veracode1cve1debiancve1nessus4oraclelinux1prion1redhat1ubuntucve1cvelist1nvd1