ID OPENVAS:881666 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH Modified 2018-01-17T00:00:00
Description
Check for the Version of ibsim
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for ibsim CESA-2013:0509 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
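# Nothing visible in this script calls into revisions-lib.inc directly.
# NOTE(review): confirm whether pkg-lib-rpm.inc relies on it before dropping it.
include("revisions-lib.inc");

# Advisory text published as the "insight" tag (truncated upstream, see the
# last line of the string). Both CVEs it describes are flaws in the ibacm
# daemon; the package this script actually tests is ibsim (see tag_affected),
# which is updated under the same CESA-2013:0509 advisory.
#
# Command names inside the text are wrapped in single quotes: a NASL
# double-quoted string has no escape sequences, so an embedded double quote
# would terminate the literal early and break parsing of the script.
tag_insight = "Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP
utilities, libraries and development packages for writing applications
that use Remote Direct Memory Access (RDMA) technology.
A denial of service flaw was found in the way ibacm managed reference
counts for multicast connections. An attacker could send specially-crafted
multicast packets that would cause the ibacm daemon to crash.
(CVE-2012-4517)
It was found that the ibacm daemon created some files with world-writable
permissions. A local attacker could use this flaw to overwrite the
contents of the ibacm.log or ibacm.port file, allowing them to mask
certain actions from the log or cause ibacm to run on a non-default port.
(CVE-2012-4518)
CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product
Security Team and Kurt Seifried of the Red Hat Security Response Team.
The InfiniBand/iWARP/RDMA stack components have been upgraded to more
recent upstream versions.
This update also fixes the following bugs:
* Previously, the 'ibnodes -h' command did not show a proper usage message.
With this update the problem is fixed and 'ibnodes -h' now shows the
correct usage message. (BZ#818606)
* Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3
hardware's physical state as invalid even when the device was working. For
iWARP hardware, the phys_state field has no meaning. This update patches
the utility to not print out anything for this field when the hardware is
iWARP hardware. (BZ#822781)
* Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created
the InfiniBand device files in the wrong place and a udev rules file was
used to force the devices to be created in the proper place. With the
update to 6.3, the kernel was fixed to create the InfiniBand device files
in the proper place, and so the udev rules file was removed as no longer
being necessary. However, a bug in the kernel device creation meant that,
although the devices were now being created in the right place, they had
incorrect permissions. Consequently, when users attempted to run an RDMA
application as a non-root user, the application failed to get the necessary
permissions to use the RDMA device and the application terminated. This
update puts a new udev rules file in place. It no longer attempts to create
the InfiniBand devices since they already exist, but it does correct the
device permissions on the files. (BZ#834428)
* Previously, using the 'perfquery -C' command with a host name caused the
perfque ...
Description truncated, for more information please check the Reference URL";

# Text for the "affected" and "solution" tags registered in the description block.
tag_affected = "ibsim on CentOS 6";
tag_solution = "Please Install the Updated Packages.";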
if(description)
{
  # Metadata registration pass: everything in this branch only declares the
  # plugin to the scanner; the trailing exit(0) ends the pass so the package
  # check further down is not executed while metadata is being collected.

  # Identity and revision bookkeeping.
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2013-March/019347.html");
  script_id(881666);
  script_version("$Revision: 8448 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $");
  script_tag(name:"creation_date", value:"2013-03-12 10:01:38 +0530 (Tue, 12 Mar 2013)");

  # Vulnerability references and severity. A single CVSSv2 base score and
  # vector is registered for both CVE ids; the vector is network-reachable
  # with availability impact only, which fits the denial-of-service flaw
  # (CVE-2012-4517) rather than the local file-permission flaw.
  script_cve_id("CVE-2012-4517", "CVE-2012-4518");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_xref(name:"CESA", value:"2013:0509");

  # Display name (the trailing blank is part of the registered string).
  script_name("CentOS Update for ibsim CESA-2013:0509 centos6 ");
  script_tag(name:"summary", value:"Check for the Version of ibsim");

  # Scheduling: an information-gathering check that depends on the package
  # list collected by gather-package-list.nasl and is only launched when the
  # CentOS login and RPM list keys are present in the knowledge base, i.e. it
  # needs an authenticated scan of the target.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");

  # Report text built from the tag_* variables assigned above this block.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);

  # The verdict is derived from installed package versions, and the remedy is
  # the vendor's updated package.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
# Supplies isrpmvuln() and the __pkg_match flag used below (neither is defined
# in this file).
include("pkg-lib-rpm.inc");

# OS release string stored in the knowledge base under "ssh/login/release".
release = get_kb_item("ssh/login/release");
res = "";

# No release recorded: leave without a verdict. This is "could not check",
# not "not vulnerable".
if(release == NULL)
{
  exit(0);
}

# Only CentOS 6 is handled; any other release falls through to the end of the
# script, again without a verdict.
if(release == "CentOS6")
{
  # Compare the installed ibsim RPM against the fixed build 0.5-7.el6 ('~' is
  # the field separator this library call is given).
  # NOTE(review): presumably a non-NULL result is the report text for an
  # installed ibsim older than that build -- confirm in pkg-lib-rpm.inc.
  res = isrpmvuln(pkg:"ibsim", rpm:"ibsim~0.5~7.el6", rls:"CentOS6");
  if(res != NULL)
  {
    # A finding here means the CESA-2013:0509 update is missing for ibsim.
    # The CVE text carried by this script describes flaws in the ibacm daemon,
    # so whether ibacm itself is installed and outdated has to be confirmed
    # separately on the host.
    security_message(data:res);
    exit(0);
  }

  # exit(99) is the explicit "not vulnerable" result.
  # NOTE(review): __pkg_match is presumably set when ibsim was found in the
  # package list -- verify in pkg-lib-rpm.inc.
  if(__pkg_match)
  {
    exit(99);
  }

  # No finding and no package match: no verdict either way.
  exit(0);
}
{"href": "http://plugins.openvas.org/nasl.php?oid=881666", "history": [{"lastseen": "2017-07-25T10:51:42", "differentElements": ["modified", "sourceData"], "edition": 2, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=881666", "history": [], "naslFamily": "CentOS Local Security Checks", "id": "OPENVAS:881666", "title": "CentOS Update for ibsim CESA-2013:0509 centos6 ", "description": "Check for the Version of ibsim", "published": "2013-03-12T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "href", "hash": "822b684a70fe80fc44fbb3787f574fb4"}, {"key": "description", "hash": "cc231a169863222e10a5e7b66fec7f0c"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "f69711506efe71ca52403606ebc97209"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "published", "hash": "32b73c3f5bbe2b383186efb6bf4d6f74"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "references", "hash": "6aaab16adf78f1f404ca0ac0a93b3609"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "cvelist", "hash": "fb3c416a8ae0ac232446185c5897d02e"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}, {"key": "sourceData", "hash": "9a633e6e7eec38158bd1863b817cae2d"}, {"key": "title", "hash": "7f1fc6874f56969c7851e50b11651de7"}], "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ibsim CESA-2013:0509 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed 
in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n \n It was found that the ibacm daemon created some files with world-writable\n permissions. A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n \n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n \n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n \n This update also fixes the following bugs:\n \n * Previously, the "ibnodes -h" command did not show a proper usage message.\n With this update the problem is fixed and "ibnodes -h" now shows the\n correct usage message. (BZ#818606)\n \n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. 
This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n \n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. (BZ#834428)\n \n * Previously, using the "perfquery -C" command with a host name caused the\n perfque ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"ibsim on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019347.html\");\n script_id(881666);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:01:38 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0509\");\n script_name(\"CentOS Update for ibsim CESA-2013:0509 centos6 \");\n\n script_summary(\"Check for the Version of ibsim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ibsim\", rpm:\"ibsim~0.5~7.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": 
"881666", "hash": "ce708a9ac98ab557bb92394709ab3085ae72b0f275fd344de98c432f3806fe82", "modified": "2017-07-10T00:00:00", "edition": 2, "cvelist": ["CVE-2012-4517", "CVE-2012-4518"], "lastseen": "2017-07-25T10:51:42", "viewCount": 0, "enchantments": {"score": {"modified": "2017-07-25T10:51:42", "value": 3.6}}, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "objectVersion": "1.3", "references": ["2013:0509", "http://lists.centos.org/pipermail/centos-announce/2013-March/019347.html"]}}, {"lastseen": "2017-07-02T21:11:06", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=881666", "history": [], "naslFamily": "CentOS Local Security Checks", "id": "OPENVAS:881666", "title": "CentOS Update for ibsim CESA-2013:0509 centos6 ", "description": "Check for the Version of ibsim", "published": "2013-03-12T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "href", "hash": "822b684a70fe80fc44fbb3787f574fb4"}, {"key": "description", "hash": "cc231a169863222e10a5e7b66fec7f0c"}, {"key": "sourceData", "hash": "97ff4d3773d55c2ede7ea6652063b998"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "f69711506efe71ca52403606ebc97209"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "modified", "hash": "e29ab3248acfd6527d1025d945e184c6"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "published", "hash": "32b73c3f5bbe2b383186efb6bf4d6f74"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "references", "hash": "6aaab16adf78f1f404ca0ac0a93b3609"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "cvelist", "hash": "fb3c416a8ae0ac232446185c5897d02e"}, {"key": "title", "hash": "7f1fc6874f56969c7851e50b11651de7"}], "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# CentOS Update for ibsim CESA-2013:0509 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n \n It was found that the ibacm daemon created some files with world-writable\n permissions. 
A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n \n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n \n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n \n This update also fixes the following bugs:\n \n * Previously, the "ibnodes -h" command did not show a proper usage message.\n With this update the problem is fixed and "ibnodes -h" now shows the\n correct usage message. (BZ#818606)\n \n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n \n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. 
(BZ#834428)\n \n * Previously, using the "perfquery -C" command with a host name caused the\n perfque ... \n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"ibsim on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019347.html\");\n script_id(881666);\n script_version(\"$Revision: 2868 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-03-16 12:15:11 +0100 (Wed, 16 Mar 2016) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:01:38 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0509\");\n script_name(\"CentOS Update for ibsim CESA-2013:0509 centos6 \");\n\n script_summary(\"Check for the Version of ibsim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ibsim\", rpm:\"ibsim~0.5~7.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "881666", "hash": "f80c6eccbd21e70710b7a6d09dbc7dc576554162e25c6c3eff7f71afa137ae63", "modified": "2016-03-16T00:00:00", "edition": 1, "cvelist": ["CVE-2012-4517", "CVE-2012-4518"], "lastseen": "2017-07-02T21:11:06", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "objectVersion": "1.3", "references": ["2013:0509", "http://lists.centos.org/pipermail/centos-announce/2013-March/019347.html"]}}], "naslFamily": "CentOS Local Security Checks", "id": "OPENVAS:881666", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-12T00:00:00", "description": "Check for the Version of ibsim", "title": "CentOS Update for ibsim CESA-2013:0509 centos6 ", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ibsim CESA-2013:0509 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n \n It was found that the ibacm daemon created some files with world-writable\n permissions. A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n \n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n \n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n \n This update also fixes the following bugs:\n \n * Previously, the "ibnodes -h" command did not show a proper usage message.\n With this update the problem is fixed and "ibnodes -h" now shows the\n correct usage message. (BZ#818606)\n \n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. 
(BZ#822781)\n \n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. (BZ#834428)\n \n * Previously, using the "perfquery -C" command with a host name caused the\n perfque ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"ibsim on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019347.html\");\n script_id(881666);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:01:38 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0509\");\n script_name(\"CentOS Update for ibsim CESA-2013:0509 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ibsim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ibsim\", rpm:\"ibsim~0.5~7.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "881666", "hash": "dab75db7c4980727ce2dbddb1cd0ce8cc20d7a4b598b77569fd027d16354a4d4", "references": ["2013:0509", "http://lists.centos.org/pipermail/centos-announce/2013-March/019347.html"], "edition": 3, "cvelist": ["CVE-2012-4517", "CVE-2012-4518"], "lastseen": "2018-01-18T11:08:54", "viewCount": 0, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2018-01-18T11:08:54"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-4518", "CVE-2012-4517"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0509"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2013-0509.NASL", "SL_20130221_RDMA_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2013-0509.NASL", "CENTOS_RHSA-2013-0509.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:881641", "OPENVAS:1361412562310881670", "OPENVAS:881648", "OPENVAS:881668", "OPENVAS:1361412562310881632", "OPENVAS:1361412562310881666", "OPENVAS:881627", "OPENVAS:1361412562310123718", "OPENVAS:1361412562310881641", "OPENVAS:1361412562310881648"]}, {"type": "centos", "idList": ["CESA-2013:0509"]}, {"type": "redhat", "idList": ["RHSA-2013:0509"]}], "modified": "2018-01-18T11:08:54"}, "vulnersScore": 5.8}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "fb3c416a8ae0ac232446185c5897d02e"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "cc231a169863222e10a5e7b66fec7f0c"}, {"key": "href", "hash": "822b684a70fe80fc44fbb3787f574fb4"}, {"key": "modified", "hash": "ee0b2a19da285757f5b5bf6dc5d373c7"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "f69711506efe71ca52403606ebc97209"}, {"key": "published", "hash": "32b73c3f5bbe2b383186efb6bf4d6f74"}, {"key": "references", "hash": "6aaab16adf78f1f404ca0ac0a93b3609"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "sourceData", "hash": 
"b708476aba724132d15479b33065dc62"}, {"key": "title", "hash": "7f1fc6874f56969c7851e50b11651de7"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2018-01-17T00:00:00"}
{"cve": [{"lastseen": "2019-05-29T18:12:25", "bulletinFamily": "NVD", "description": "ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.", "modified": "2013-03-08T04:09:00", "id": "CVE-2012-4518", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4518", "published": "2012-10-22T23:55:00", "title": "CVE-2012-4518", "type": "cve", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:12:25", "bulletinFamily": "NVD", "description": "ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response.", "modified": "2017-08-29T01:32:00", "id": "CVE-2012-4517", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4517", "published": "2012-10-22T23:55:00", "title": "CVE-2012-4517", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-11-03T12:13:00", "bulletinFamily": "scanner", "description": "A denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. An attacker could send specially\ncrafted multicast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with\nworld-writable permissions. A local attacker could use this flaw to\noverwrite the contents of the ibacm.log or ibacm.port file, allowing\nthem to mask certain actions from the log or cause ibacm to run on a\nnon-default port. 
(CVE-2012-4518)\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs :\n\n - Previously, the ", "modified": "2019-11-02T00:00:00", "id": "SL_20130221_RDMA_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/65014", "published": "2013-03-05T00:00:00", "title": "Scientific Linux Security Update : rdma on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65014);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/11 12:05:37\");\n\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n\n script_name(english:\"Scientific Linux Security Update : rdma on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. An attacker could send specially\ncrafted multicast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with\nworld-writable permissions. A local attacker could use this flaw to\noverwrite the contents of the ibacm.log or ibacm.port file, allowing\nthem to mask certain actions from the log or cause ibacm to run on a\nnon-default port. (CVE-2012-4518)\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs :\n\n - Previously, the 'ibnodes -h' command did not show a\n proper usage message. 
With this update the problem is\n fixed and 'ibnodes -h' now shows the correct usage\n message.\n\n - Previously, the ibv_devinfo utility erroneously showed\n iWARP cxgb3 hardware's physical state as invalid even\n when the device was working. For iWARP hardware, the\n phys_state field has no meaning. This update patches the\n utility to not print out anything for this field when\n the hardware is iWARP hardware.\n\n - Prior to the release of Scientific Linux 6.3, the kernel\n created the InfiniBand device files in the wrong place\n and a udev rules file was used to force the devices to\n be created in the proper place. With the update to 6.3,\n the kernel was fixed to create the InfiniBand device\n files in the proper place, and so the udev rules file\n was removed as no longer being necessary. However, a bug\n in the kernel device creation meant that, although the\n devices were now being created in the right place, they\n had incorrect permissions. Consequently, when users\n attempted to run an RDMA application as a non-root user,\n the application failed to get the necessary permissions\n to use the RDMA device and the application terminated.\n This update puts a new udev rules file in place. It no\n longer attempts to create the InfiniBand devices since\n they already exist, but it does correct the device\n permissions on the files.\n\n - Previously, using the 'perfquery -C' command with a host\n name caused the perfquery utility to become\n unresponsive. The list of controllers to process was\n never cleared and the process looped infinitely on a\n single controller. A patch has been applied to make sure\n that in the case where the user passes in the -C option,\n the controller list is cleared out once that controller\n has been processed. As a result, perfquery now works as\n expected in the scenario described.\n\n - The OpenSM init script did not handle the case where\n there were no configuration files under\n '/etc/rdma/opensm.conf.*'. 
With this update, the script\n as been patched and the InfiniBand Subnet Manager,\n OpenSM, now starts as expected in the scenario\n described.\n\nThis update also adds the following enhancement :\n\n - This update provides an updated mlx4_ib Mellanox driver\n which includes Single Root I/O Virtualization (SR-IOV)\n support.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=1178\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5711aa05\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"ibacm-1.0.8-0.git7a3adb7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ibacm-debuginfo-1.0.8-0.git7a3adb7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ibacm-devel-1.0.8-0.git7a3adb7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ibsim-0.5-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ibsim-debuginfo-0.5-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ibutils-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ibutils-debuginfo-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ibutils-devel-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ibutils-libs-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"infiniband-diags-1.5.12-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"infiniband-diags-debuginfo-1.5.12-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"infiniband-diags-devel-1.5.12-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"infiniband-diags-devel-static-1.5.12-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"infinipath-psm-3.0.1-115.1015_open.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"infinipath-psm-devel-3.0.1-115.1015_open.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibmad-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibmad-debuginfo-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibmad-devel-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibmad-static-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibumad-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibumad-debuginfo-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibumad-devel-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibumad-static-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibverbs-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibverbs-debuginfo-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibverbs-devel-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibverbs-devel-static-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libibverbs-utils-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libmlx4-1.0.4-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libmlx4-debuginfo-1.0.4-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libmlx4-static-1.0.4-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"librdmacm-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"librdmacm-devel-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"librdmacm-static-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"librdmacm-utils-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"opensm-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"opensm-debuginfo-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"opensm-devel-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"opensm-libs-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"opensm-static-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rdma-3.6-1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T03:20:41", "bulletinFamily": "scanner", "description": "Updated RDMA packages that fix multiple security issues, various bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat Enterprise Linux includes a collection of InfiniBand and iWARP\nutilities, libraries and development packages for writing applications\nthat use Remote Direct Memory Access (RDMA) technology.\n\nA denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. 
An attacker could send specially\ncrafted multicast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with\nworld-writable permissions. A local attacker could use this flaw to\noverwrite the contents of the ibacm.log or ibacm.port file, allowing\nthem to mask certain actions from the log or cause ibacm to run on a\nnon-default port. (CVE-2012-4518)\n\nCVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\nSecurity Team and Kurt Seifried of the Red Hat Security Response Team.\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs :\n\n* Previously, the ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2013-0509.NASL", "href": "https://www.tenable.com/plugins/nessus/64759", "published": "2013-02-21T00:00:00", "title": "RHEL 6 : rdma (RHSA-2013:0509)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0509. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64759);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:36\");\n\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_bugtraq_id(55890);\n script_xref(name:\"RHSA\", value:\"2013:0509\");\n\n script_name(english:\"RHEL 6 : rdma (RHSA-2013:0509)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated RDMA packages that fix multiple security issues, various bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat Enterprise Linux includes a collection of InfiniBand and iWARP\nutilities, libraries and development packages for writing applications\nthat use Remote Direct Memory Access (RDMA) technology.\n\nA denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. An attacker could send specially\ncrafted multicast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with\nworld-writable permissions. A local attacker could use this flaw to\noverwrite the contents of the ibacm.log or ibacm.port file, allowing\nthem to mask certain actions from the log or cause ibacm to run on a\nnon-default port. 
(CVE-2012-4518)\n\nCVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\nSecurity Team and Kurt Seifried of the Red Hat Security Response Team.\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs :\n\n* Previously, the 'ibnodes -h' command did not show a proper usage\nmessage. With this update the problem is fixed and 'ibnodes -h' now\nshows the correct usage message. (BZ#818606)\n\n* Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\nhardware's physical state as invalid even when the device was working.\nFor iWARP hardware, the phys_state field has no meaning. This update\npatches the utility to not print out anything for this field when the\nhardware is iWARP hardware. (BZ#822781)\n\n* Prior to the release of Red Hat Enterprise Linux 6.3, the kernel\ncreated the InfiniBand device files in the wrong place and a udev\nrules file was used to force the devices to be created in the proper\nplace. With the update to 6.3, the kernel was fixed to create the\nInfiniBand device files in the proper place, and so the udev rules\nfile was removed as no longer being necessary. However, a bug in the\nkernel device creation meant that, although the devices were now being\ncreated in the right place, they had incorrect permissions.\nConsequently, when users attempted to run an RDMA application as a\nnon-root user, the application failed to get the necessary permissions\nto use the RDMA device and the application terminated. This update\nputs a new udev rules file in place. It no longer attempts to create\nthe InfiniBand devices since they already exist, but it does correct\nthe device permissions on the files. (BZ#834428)\n\n* Previously, using the 'perfquery -C' command with a host name caused\nthe perfquery utility to become unresponsive. The list of controllers\nto process was never cleared and the process looped infinitely on a\nsingle controller. 
A patch has been applied to make sure that in the\ncase where the user passes in the -C option, the controller list is\ncleared out once that controller has been processed. As a result,\nperfquery now works as expected in the scenario described. (BZ#847129)\n\n* The OpenSM init script did not handle the case where there were no\nconfiguration files under '/etc/rdma/opensm.conf.*'. With this update,\nthe script as been patched and the InfiniBand Subnet Manager, OpenSM,\nnow starts as expected in the scenario described. (BZ#862857)\n\nThis update also adds the following enhancement :\n\n* This update provides an updated mlx4_ib Mellanox driver which\nincludes Single Root I/O Virtualization (SR-IOV) support. (BZ#869737)\n\nAll users of RDMA are advised to upgrade to these updated packages,\nwhich fix these issues and add this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4518\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ibacm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ibacm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ibacm-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ibsim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ibsim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ibutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ibutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ibutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ibutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infiniband-diags\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infiniband-diags-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infiniband-diags-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infiniband-diags-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinipath-psm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinipath-psm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinipath-psm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibmad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibmad-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibmad-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibmad-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibumad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibumad-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibumad-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibumad-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibverbs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibverbs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibverbs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibverbs-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libibverbs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libmlx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libmlx4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libmlx4-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librdmacm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librdmacm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librdmacm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librdmacm-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librdmacm-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opensm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opensm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opensm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opensm-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:opensm-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rdma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0509\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ibacm-1.0.8-0.git7a3adb7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ibacm-1.0.8-0.git7a3adb7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ibacm-debuginfo-1.0.8-0.git7a3adb7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ibacm-debuginfo-1.0.8-0.git7a3adb7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ibacm-devel-1.0.8-0.git7a3adb7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ibacm-devel-1.0.8-0.git7a3adb7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ibsim-0.5-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ibsim-0.5-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ibsim-debuginfo-0.5-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ibsim-debuginfo-0.5-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"ibutils-1.5.7-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ibutils-1.5.7-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ibutils-debuginfo-1.5.7-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ibutils-debuginfo-1.5.7-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ibutils-devel-1.5.7-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ibutils-devel-1.5.7-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ibutils-libs-1.5.7-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ibutils-libs-1.5.7-7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"infiniband-diags-1.5.12-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"infiniband-diags-1.5.12-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"infiniband-diags-debuginfo-1.5.12-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"infiniband-diags-debuginfo-1.5.12-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"infiniband-diags-devel-1.5.12-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"infiniband-diags-devel-1.5.12-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"infiniband-diags-devel-static-1.5.12-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"infiniband-diags-devel-static-1.5.12-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"infinipath-psm-3.0.1-115.1015_open.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"infinipath-psm-devel-3.0.1-115.1015_open.1.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibmad-1.3.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibmad-1.3.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibmad-debuginfo-1.3.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibmad-debuginfo-1.3.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibmad-devel-1.3.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibmad-devel-1.3.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibmad-static-1.3.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibmad-static-1.3.9-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibumad-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibumad-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibumad-debuginfo-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibumad-debuginfo-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibumad-devel-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibumad-devel-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibumad-static-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibumad-static-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibverbs-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibverbs-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibverbs-debuginfo-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"libibverbs-debuginfo-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibverbs-devel-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibverbs-devel-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibverbs-devel-static-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibverbs-devel-static-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libibverbs-utils-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libibverbs-utils-1.1.6-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libmlx4-1.0.4-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libmlx4-1.0.4-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libmlx4-debuginfo-1.0.4-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libmlx4-debuginfo-1.0.4-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libmlx4-static-1.0.4-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libmlx4-static-1.0.4-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"librdmacm-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"librdmacm-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"librdmacm-devel-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"librdmacm-devel-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"librdmacm-static-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"librdmacm-static-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"librdmacm-utils-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"librdmacm-utils-1.0.17-0.git4b5c1aa.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"opensm-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"opensm-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"opensm-debuginfo-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"opensm-debuginfo-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"opensm-devel-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"opensm-devel-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"opensm-libs-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"opensm-libs-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"opensm-static-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"opensm-static-3.3.15-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rdma-3.6-1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ibacm / ibacm-debuginfo / ibacm-devel / ibsim / ibsim-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": 
"2019-11-01T02:15:20", "bulletinFamily": "scanner", "description": "Updated RDMA packages that fix multiple security issues, various bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat Enterprise Linux includes a collection of InfiniBand and iWARP\nutilities, libraries and development packages for writing applications\nthat use Remote Direct Memory Access (RDMA) technology.\n\nA denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. An attacker could send specially\ncrafted multicast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with\nworld-writable permissions. A local attacker could use this flaw to\noverwrite the contents of the ibacm.log or ibacm.port file, allowing\nthem to mask certain actions from the log or cause ibacm to run on a\nnon-default port. 
(CVE-2012-4518)\n\nCVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\nSecurity Team and Kurt Seifried of the Red Hat Security Response Team.\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs :\n\n* Previously, the ", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2013-0509.NASL", "href": "https://www.tenable.com/plugins/nessus/65143", "published": "2013-03-10T00:00:00", "title": "CentOS 6 : ibacm / ibsim / ibutils / infiniband-diags / infinipath-psm / libibmad / libibumad / etc (CESA-2013:0509)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0509 and \n# CentOS Errata and Security Advisory 2013:0509 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65143);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/02 15:30:18\");\n\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_bugtraq_id(55890);\n script_xref(name:\"RHSA\", value:\"2013:0509\");\n\n script_name(english:\"CentOS 6 : ibacm / ibsim / ibutils / infiniband-diags / infinipath-psm / libibmad / libibumad / etc (CESA-2013:0509)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated RDMA packages that fix multiple security issues, various bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat Enterprise Linux includes a collection of InfiniBand and iWARP\nutilities, libraries and development packages for writing applications\nthat use Remote Direct Memory Access (RDMA) technology.\n\nA denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. An attacker could send specially\ncrafted multicast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with\nworld-writable permissions. A local attacker could use this flaw to\noverwrite the contents of the ibacm.log or ibacm.port file, allowing\nthem to mask certain actions from the log or cause ibacm to run on a\nnon-default port. (CVE-2012-4518)\n\nCVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\nSecurity Team and Kurt Seifried of the Red Hat Security Response Team.\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs :\n\n* Previously, the 'ibnodes -h' command did not show a proper usage\nmessage. With this update the problem is fixed and 'ibnodes -h' now\nshows the correct usage message. (BZ#818606)\n\n* Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\nhardware's physical state as invalid even when the device was working.\nFor iWARP hardware, the phys_state field has no meaning. This update\npatches the utility to not print out anything for this field when the\nhardware is iWARP hardware. (BZ#822781)\n\n* Prior to the release of Red Hat Enterprise Linux 6.3, the kernel\ncreated the InfiniBand device files in the wrong place and a udev\nrules file was used to force the devices to be created in the proper\nplace. 
With the update to 6.3, the kernel was fixed to create the\nInfiniBand device files in the proper place, and so the udev rules\nfile was removed as no longer being necessary. However, a bug in the\nkernel device creation meant that, although the devices were now being\ncreated in the right place, they had incorrect permissions.\nConsequently, when users attempted to run an RDMA application as a\nnon-root user, the application failed to get the necessary permissions\nto use the RDMA device and the application terminated. This update\nputs a new udev rules file in place. It no longer attempts to create\nthe InfiniBand devices since they already exist, but it does correct\nthe device permissions on the files. (BZ#834428)\n\n* Previously, using the 'perfquery -C' command with a host name caused\nthe perfquery utility to become unresponsive. The list of controllers\nto process was never cleared and the process looped infinitely on a\nsingle controller. A patch has been applied to make sure that in the\ncase where the user passes in the -C option, the controller list is\ncleared out once that controller has been processed. As a result,\nperfquery now works as expected in the scenario described. (BZ#847129)\n\n* The OpenSM init script did not handle the case where there were no\nconfiguration files under '/etc/rdma/opensm.conf.*'. With this update,\nthe script as been patched and the InfiniBand Subnet Manager, OpenSM,\nnow starts as expected in the scenario described. (BZ#862857)\n\nThis update also adds the following enhancement :\n\n* This update provides an updated mlx4_ib Mellanox driver which\nincludes Single Root I/O Virtualization (SR-IOV) support. 
(BZ#869737)\n\nAll users of RDMA are advised to upgrade to these updated packages,\nwhich fix these issues and add this enhancement.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019346.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29e13daa\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019347.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b5e76d8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019348.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88d52872\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019350.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0a73691\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019373.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d1ddc1c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019374.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5866e7f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019375.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3edccfda\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019380.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f613a535\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019383.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0ab7e46\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019457.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa8bbab7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019488.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f1d1da9\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000534.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a0fd188\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000535.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?038dc4ed\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000536.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9c32a65\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000538.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69ba8017\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000539.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db9a967f\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000565.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42250031\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000566.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?799060ea\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000570.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5bfe0026\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000573.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1ba9c1d\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000648.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd6e5f64\"\n );\n # 
https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000679.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69d393b9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ibacm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ibacm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ibsim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ibutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ibutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ibutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:infiniband-diags\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:infiniband-diags-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:infiniband-diags-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:infinipath-psm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:infinipath-psm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libibmad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libibmad-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libibmad-static\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:libibumad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libibumad-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libibumad-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libibverbs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libibverbs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libibverbs-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libibverbs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libmlx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libmlx4-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:librdmacm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:librdmacm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:librdmacm-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:librdmacm-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:opensm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:opensm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:opensm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:opensm-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rdma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"ibacm-1.0.8-0.git7a3adb7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ibacm-devel-1.0.8-0.git7a3adb7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ibsim-0.5-7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ibutils-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ibutils-devel-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ibutils-libs-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"infiniband-diags-1.5.12-5.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"infiniband-diags-devel-1.5.12-5.el6\")) 
flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"infiniband-diags-devel-static-1.5.12-5.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"infinipath-psm-3.0.1-115.1015_open.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"infinipath-psm-devel-3.0.1-115.1015_open.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibmad-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibmad-devel-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibmad-static-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibumad-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibumad-devel-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibumad-static-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibverbs-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibverbs-devel-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibverbs-devel-static-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libibverbs-utils-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libmlx4-1.0.4-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libmlx4-static-1.0.4-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"librdmacm-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"librdmacm-devel-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"librdmacm-static-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"librdmacm-utils-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"opensm-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"opensm-devel-3.3.15-1.el6\")) flag++;\nif 
(rpm_check(release:\"CentOS-6\", reference:\"opensm-libs-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"opensm-static-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rdma-3.6-1.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ibacm / ibacm-devel / ibsim / ibutils / ibutils-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T03:14:25", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:0509 :\n\nUpdated RDMA packages that fix multiple security issues, various bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat Enterprise Linux includes a collection of InfiniBand and iWARP\nutilities, libraries and development packages for writing applications\nthat use Remote Direct Memory Access (RDMA) technology.\n\nA denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. An attacker could send specially\ncrafted multicast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with\nworld-writable permissions. A local attacker could use this flaw to\noverwrite the contents of the ibacm.log or ibacm.port file, allowing\nthem to mask certain actions from the log or cause ibacm to run on a\nnon-default port. (CVE-2012-4518)\n\nCVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\nSecurity Team and Kurt Seifried of the Red Hat Security Response Team.\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs :\n\n* Previously, the ", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2013-0509.NASL", "href": "https://www.tenable.com/plugins/nessus/68748", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : rdma (ELSA-2013-0509)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0509 and \n# Oracle Linux Security Advisory ELSA-2013-0509 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68748);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/30 10:58:18\");\n\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_bugtraq_id(55890);\n script_xref(name:\"RHSA\", 
value:\"2013:0509\");\n\n script_name(english:\"Oracle Linux 6 : rdma (ELSA-2013-0509)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0509 :\n\nUpdated RDMA packages that fix multiple security issues, various bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat Enterprise Linux includes a collection of InfiniBand and iWARP\nutilities, libraries and development packages for writing applications\nthat use Remote Direct Memory Access (RDMA) technology.\n\nA denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. An attacker could send specially\ncrafted multicast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with\nworld-writable permissions. A local attacker could use this flaw to\noverwrite the contents of the ibacm.log or ibacm.port file, allowing\nthem to mask certain actions from the log or cause ibacm to run on a\nnon-default port. (CVE-2012-4518)\n\nCVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\nSecurity Team and Kurt Seifried of the Red Hat Security Response Team.\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs :\n\n* Previously, the 'ibnodes -h' command did not show a proper usage\nmessage. 
With this update the problem is fixed and 'ibnodes -h' now\nshows the correct usage message. (BZ#818606)\n\n* Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\nhardware's physical state as invalid even when the device was working.\nFor iWARP hardware, the phys_state field has no meaning. This update\npatches the utility to not print out anything for this field when the\nhardware is iWARP hardware. (BZ#822781)\n\n* Prior to the release of Red Hat Enterprise Linux 6.3, the kernel\ncreated the InfiniBand device files in the wrong place and a udev\nrules file was used to force the devices to be created in the proper\nplace. With the update to 6.3, the kernel was fixed to create the\nInfiniBand device files in the proper place, and so the udev rules\nfile was removed as no longer being necessary. However, a bug in the\nkernel device creation meant that, although the devices were now being\ncreated in the right place, they had incorrect permissions.\nConsequently, when users attempted to run an RDMA application as a\nnon-root user, the application failed to get the necessary permissions\nto use the RDMA device and the application terminated. This update\nputs a new udev rules file in place. It no longer attempts to create\nthe InfiniBand devices since they already exist, but it does correct\nthe device permissions on the files. (BZ#834428)\n\n* Previously, using the 'perfquery -C' command with a host name caused\nthe perfquery utility to become unresponsive. The list of controllers\nto process was never cleared and the process looped infinitely on a\nsingle controller. A patch has been applied to make sure that in the\ncase where the user passes in the -C option, the controller list is\ncleared out once that controller has been processed. As a result,\nperfquery now works as expected in the scenario described. (BZ#847129)\n\n* The OpenSM init script did not handle the case where there were no\nconfiguration files under '/etc/rdma/opensm.conf.*'. 
With this update,\nthe script as been patched and the InfiniBand Subnet Manager, OpenSM,\nnow starts as expected in the scenario described. (BZ#862857)\n\nThis update also adds the following enhancement :\n\n* This update provides an updated mlx4_ib Mellanox driver which\nincludes Single Root I/O Virtualization (SR-IOV) support. (BZ#869737)\n\nAll users of RDMA are advised to upgrade to these updated packages,\nwhich fix these issues and add this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003272.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rdma packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ibacm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ibacm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ibsim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ibutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ibutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ibutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:infiniband-diags\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:infiniband-diags-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:infiniband-diags-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:infinipath-psm\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:infinipath-psm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibmad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibmad-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibmad-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibumad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibumad-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibumad-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibverbs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibverbs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibverbs-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libibverbs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libmlx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libmlx4-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:librdmacm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:librdmacm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:librdmacm-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:librdmacm-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:opensm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:opensm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:opensm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:opensm-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rdma\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"ibacm-1.0.8-0.git7a3adb7.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ibacm-devel-1.0.8-0.git7a3adb7.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ibsim-0.5-7.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ibutils-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ibutils-devel-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ibutils-libs-1.5.7-7.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"infiniband-diags-1.5.12-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"infiniband-diags-devel-1.5.12-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"infiniband-diags-devel-static-1.5.12-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"infinipath-psm-3.0.1-115.1015_open.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"infinipath-psm-devel-3.0.1-115.1015_open.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libibmad-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libibmad-devel-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libibmad-static-1.3.9-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libibumad-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libibumad-devel-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libibumad-static-1.3.8-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libibverbs-1.1.6-5.el6\")) flag++;\nif 
(rpm_check(release:\"EL6\", reference:\"libibverbs-devel-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libibverbs-devel-static-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libibverbs-utils-1.1.6-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libmlx4-1.0.4-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libmlx4-static-1.0.4-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"librdmacm-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"librdmacm-devel-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"librdmacm-static-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"librdmacm-utils-1.0.17-0.git4b5c1aa.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"opensm-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"opensm-devel-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"opensm-libs-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"opensm-static-3.3.15-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rdma-3.6-1.0.2.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ibacm / ibacm-devel / ibsim / ibutils / ibutils-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:51:47", "bulletinFamily": "scanner", "description": "Check for the Version of rdma", "modified": "2017-07-10T00:00:00", "published": "2013-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881644", "id": "OPENVAS:881644", "title": "CentOS Update for rdma CESA-2013:0509 centos6 ", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for rdma CESA-2013:0509 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n \n It was found that the ibacm daemon created some files with world-writable\n permissions. 
A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n \n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n \n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n \n This update also fixes the following bugs:\n \n * Previously, the "ibnodes -h" command did not show a proper usage message.\n With this update the problem is fixed and "ibnodes -h" now shows the\n correct usage message. (BZ#818606)\n \n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n \n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. 
(BZ#834428)\n \n * Previously, using the "perfquery -C" command with a host name caused the\n perfquer ... \n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"rdma on CentOS 6\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019488.html\");\n script_id(881644);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:28 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:0509\");\n script_name(\"CentOS Update for rdma CESA-2013:0509 centos6 \");\n\n script_summary(\"Check for the Version of rdma\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"rdma\", rpm:\"rdma~3.6~1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:30", "bulletinFamily": "scanner", "description": "Check for the Version of rdma", "modified": "2018-01-17T00:00:00", "published": "2013-02-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870931", "id": "OPENVAS:870931", "title": "RedHat Update for rdma RHSA-2013:0509-02", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for rdma RHSA-2013:0509-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. 
An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n\n It was found that the ibacm daemon created some files with world-writable\n permissions. A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n\n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n\n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n\n This update also fixes the following bugs:\n\n * Previously, the ibnodes -h command did not show a proper usage message.\n With this update the problem is fixed and ibnodes -h now shows the\n correct usage message. (BZ#818606)\n\n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n\n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. 
This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"rdma on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00051.html\");\n script_id(870931);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:02:12 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_bugtraq_id(55890);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0509-02\");\n script_name(\"RedHat Update for rdma RHSA-2013:0509-02\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rdma\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n 
exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ibacm\", rpm:\"ibacm~1.0.8~0.git7a3adb7.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibacm-debuginfo\", rpm:\"ibacm-debuginfo~1.0.8~0.git7a3adb7.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibsim\", rpm:\"ibsim~0.5~7.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibsim-debuginfo\", rpm:\"ibsim-debuginfo~0.5~7.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibutils\", rpm:\"ibutils~1.5.7~7.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibutils-debuginfo\", rpm:\"ibutils-debuginfo~1.5.7~7.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibutils-libs\", rpm:\"ibutils-libs~1.5.7~7.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"infiniband-diags\", rpm:\"infiniband-diags~1.5.12~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"infiniband-diags-debuginfo\", rpm:\"infiniband-diags-debuginfo~1.5.12~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibmad\", rpm:\"libibmad~1.3.9~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibmad-debuginfo\", rpm:\"libibmad-debuginfo~1.3.9~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibumad\", rpm:\"libibumad~1.3.8~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libibumad-debuginfo\", rpm:\"libibumad-debuginfo~1.3.8~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibverbs\", rpm:\"libibverbs~1.1.6~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibverbs-debuginfo\", rpm:\"libibverbs-debuginfo~1.1.6~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibverbs-devel\", rpm:\"libibverbs-devel~1.1.6~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibverbs-utils\", rpm:\"libibverbs-utils~1.1.6~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmlx4\", rpm:\"libmlx4~1.0.4~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmlx4-debuginfo\", rpm:\"libmlx4-debuginfo~1.0.4~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm\", rpm:\"librdmacm~1.0.17~0.git4b5c1aa.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm-debuginfo\", rpm:\"librdmacm-debuginfo~1.0.17~0.git4b5c1aa.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm-utils\", rpm:\"librdmacm-utils~1.0.17~0.git4b5c1aa.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"opensm\", rpm:\"opensm~3.3.15~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"opensm-debuginfo\", rpm:\"opensm-debuginfo~3.3.15~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"opensm-libs\", rpm:\"opensm-libs~3.3.15~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rdma\", rpm:\"rdma~3.6~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"infinipath-psm\", rpm:\"infinipath-psm~3.0.1~115.1015_open.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"infinipath-psm-debuginfo\", rpm:\"infinipath-psm-debuginfo~3.0.1~115.1015_open.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibumad-devel\", rpm:\"libibumad-devel~1.3.8~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm-devel\", rpm:\"librdmacm-devel~1.0.17~0.git4b5c1aa.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:10:28", "bulletinFamily": "scanner", "description": "Check for the Version of libibmad", "modified": "2018-01-23T00:00:00", "published": "2013-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881627", "id": "OPENVAS:881627", "title": "CentOS Update for libibmad CESA-2013:0509 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libibmad CESA-2013:0509 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the 
Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n \n It was found that the ibacm daemon created some files with world-writable\n permissions. A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n \n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n \n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n \n This update also fixes the following bugs:\n \n * Previously, the "ibnodes -h" command did not show a proper usage message.\n With this update the problem is fixed and "ibnodes -h" now shows the\n correct usage message. 
(BZ#818606)\n \n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n \n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. (BZ#834428)\n \n * Previously, using the "perfquery -C" command with a host name caused the\n perf ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"libibmad on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019373.html\");\n script_id(881627);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:58:30 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0509\");\n script_name(\"CentOS Update for libibmad CESA-2013:0509 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libibmad\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libibmad\", rpm:\"libibmad~1.3.9~1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibmad-devel\", rpm:\"libibmad-devel~1.3.9~1.el6\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibmad-static\", rpm:\"libibmad-static~1.3.9~1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'librdmacm' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310881648", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881648", "title": "CentOS Update for librdmacm CESA-2013:0509 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for librdmacm CESA-2013:0509 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019383.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881648\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:42 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2013:0509\");\n script_name(\"CentOS Update for librdmacm CESA-2013:0509 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'librdmacm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"librdmacm on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed 
reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n\n It was found that the ibacm daemon created some files with world-writable\n permissions. A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n\n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n\n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n\n This update also fixes the following bugs:\n\n * Previously, the 'ibnodes -h' command did not show a proper usage message.\n With this update the problem is fixed and 'ibnodes -h' now shows the\n correct usage message. (BZ#818606)\n\n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n\n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. 
Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. (BZ#834428)\n\n * Previously, using the 'perfquery -C' command with a host name caused the\n per ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"librdmacm\", rpm:\"librdmacm~1.0.17~0.git4b5c1aa.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm-devel\", rpm:\"librdmacm-devel~1.0.17~0.git4b5c1aa.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm-static\", rpm:\"librdmacm-static~1.0.17~0.git4b5c1aa.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm-utils\", rpm:\"librdmacm-utils~1.0.17~0.git4b5c1aa.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'infiniband-diags' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310881641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881641", "title": 
"CentOS Update for infiniband-diags CESA-2013:0509 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for infiniband-diags CESA-2013:0509 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019350.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881641\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:19 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2013:0509\");\n script_name(\"CentOS Update for infiniband-diags CESA-2013:0509 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'infiniband-diags'\n 
package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"infiniband-diags on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n\n It was found that the ibacm daemon created some files with world-writable\n permissions. A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n\n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n\n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n\n This update also fixes the following bugs:\n\n * Previously, the 'ibnodes -h' command did not show a proper usage message.\n With this update the problem is fixed and 'ibnodes -h' now shows the\n correct usage message. (BZ#818606)\n\n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. 
This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n\n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. 
(BZ#834428)\n\n * Previously, using the 'perfquery -C' command with a host name caused th ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"infiniband-diags\", rpm:\"infiniband-diags~1.5.12~5.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"infiniband-diags-devel\", rpm:\"infiniband-diags-devel~1.5.12~5.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"infiniband-diags-devel-static\", rpm:\"infiniband-diags-devel-static~1.5.12~5.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'rdma' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310881644", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881644", "title": "CentOS Update for rdma CESA-2013:0509 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for rdma CESA-2013:0509 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as 
published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"rdma on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n\n It was found that the ibacm daemon created some files with world-writable\n permissions. 
A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n\n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n\n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n\n This update also fixes the following bugs:\n\n * Previously, the 'ibnodes -h' command did not show a proper usage message.\n With this update the problem is fixed and 'ibnodes -h' now shows the\n correct usage message. (BZ#818606)\n\n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n\n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. 
(BZ#834428)\n\n * Previously, using the 'perfquery -C' command with a host name caused the\n perfquer ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019488.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881644\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:28 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2013:0509\");\n script_name(\"CentOS Update for rdma CESA-2013:0509 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rdma'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"rdma\", rpm:\"rdma~3.6~1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:57", "bulletinFamily": "scanner", "description": "The remote 
host is missing an update for the 'ibacm' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310881628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881628", "title": "CentOS Update for ibacm CESA-2013:0509 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ibacm CESA-2013:0509 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019346.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881628\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:58:36 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2013:0509\");\n script_name(\"CentOS Update for ibacm CESA-2013:0509 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ibacm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"ibacm on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n 
counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n\n It was found that the ibacm daemon created some files with world-writable\n permissions. A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n\n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n\n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n\n This update also fixes the following bugs:\n\n * Previously, the 'ibnodes -h' command did not show a proper usage message.\n With this update the problem is fixed and 'ibnodes -h' now shows the\n correct usage message. (BZ#818606)\n\n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n\n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. 
Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. (BZ#834428)\n\n * Previously, using the 'perfquery -C' command with a host name caused the\n perfque ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ibacm\", rpm:\"ibacm~1.0.8~0.git7a3adb7.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ibacm-devel\", rpm:\"ibacm-devel~1.0.8~0.git7a3adb7.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'libibmad' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310881627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881627", "title": "CentOS Update for libibmad CESA-2013:0509 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libibmad CESA-2013:0509 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019373.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881627\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:58:30 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2013:0509\");\n script_name(\"CentOS Update for libibmad CESA-2013:0509 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libibmad'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n 
script_tag(name:\"affected\", value:\"libibmad on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n\n It was found that the ibacm daemon created some files with world-writable\n permissions. A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n\n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n\n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n\n This update also fixes the following bugs:\n\n * Previously, the 'ibnodes -h' command did not show a proper usage message.\n With this update the problem is fixed and 'ibnodes -h' now shows the\n correct usage message. (BZ#818606)\n\n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. (BZ#822781)\n\n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. 
With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. (BZ#834428)\n\n * Previously, using the 'perfquery -C' command with a host name caused the\n perf ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libibmad\", rpm:\"libibmad~1.3.9~1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibmad-devel\", rpm:\"libibmad-devel~1.3.9~1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libibmad-static\", rpm:\"libibmad-static~1.3.9~1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-0509", "modified": "2018-09-28T00:00:00", "published": 
"2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123718", "title": "Oracle Linux Local Check: ELSA-2013-0509", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0509.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123718\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:37 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0509\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0509 - rdma security, bug fix and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0509\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0509.html\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"ibacm\", rpm:\"ibacm~1.0.8~0.git7a3adb7.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ibacm-devel\", rpm:\"ibacm-devel~1.0.8~0.git7a3adb7.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ibsim\", rpm:\"ibsim~0.5~7.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ibutils\", rpm:\"ibutils~1.5.7~7.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ibutils-devel\", rpm:\"ibutils-devel~1.5.7~7.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ibutils-libs\", rpm:\"ibutils-libs~1.5.7~7.el6\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"infiniband-diags\", rpm:\"infiniband-diags~1.5.12~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"infiniband-diags-devel\", rpm:\"infiniband-diags-devel~1.5.12~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"infiniband-diags-devel-static\", rpm:\"infiniband-diags-devel-static~1.5.12~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibmad\", rpm:\"libibmad~1.3.9~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibmad-devel\", rpm:\"libibmad-devel~1.3.9~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibmad-static\", rpm:\"libibmad-static~1.3.9~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibumad\", rpm:\"libibumad~1.3.8~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibumad-devel\", rpm:\"libibumad-devel~1.3.8~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibumad-static\", rpm:\"libibumad-static~1.3.8~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibverbs\", rpm:\"libibverbs~1.1.6~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibverbs-devel\", rpm:\"libibverbs-devel~1.1.6~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibverbs-devel-static\", rpm:\"libibverbs-devel-static~1.1.6~5.el6\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libibverbs-utils\", rpm:\"libibverbs-utils~1.1.6~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libmlx4\", rpm:\"libmlx4~1.0.4~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libmlx4-static\", rpm:\"libmlx4-static~1.0.4~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"librdmacm\", rpm:\"librdmacm~1.0.17~0.git4b5c1aa.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"librdmacm-devel\", rpm:\"librdmacm-devel~1.0.17~0.git4b5c1aa.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"librdmacm-static\", rpm:\"librdmacm-static~1.0.17~0.git4b5c1aa.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"librdmacm-utils\", rpm:\"librdmacm-utils~1.0.17~0.git4b5c1aa.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"opensm\", rpm:\"opensm~3.3.15~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"opensm-devel\", rpm:\"opensm-devel~3.3.15~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"opensm-libs\", rpm:\"opensm-libs~3.3.15~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"opensm-static\", rpm:\"opensm-static~3.3.15~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rdma\", rpm:\"rdma~3.6~1.0.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"infinipath-psm\", rpm:\"infinipath-psm~3.0.1~115.1015_open.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"infinipath-psm-devel\", rpm:\"infinipath-psm-devel~3.0.1~115.1015_open.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:51:42", "bulletinFamily": "scanner", "description": "Check for the Version of librdmacm", "modified": "2017-07-10T00:00:00", "published": "2013-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881648", "id": "OPENVAS:881648", "title": "CentOS Update for librdmacm CESA-2013:0509 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for librdmacm CESA-2013:0509 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\n utilities, libraries and development packages for writing applications\n that use Remote Direct Memory Access (RDMA) technology.\n\n A denial of service flaw was found in the way ibacm managed reference\n counts for multicast connections. An attacker could send specially-crafted\n multicast packets that would cause the ibacm daemon to crash.\n (CVE-2012-4517)\n \n It was found that the ibacm daemon created some files with world-writable\n permissions. A local attacker could use this flaw to overwrite the\n contents of the ibacm.log or ibacm.port file, allowing them to mask\n certain actions from the log or cause ibacm to run on a non-default port.\n (CVE-2012-4518)\n \n CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\n Security Team and Kurt Seifried of the Red Hat Security Response Team.\n \n The InfiniBand/iWARP/RDMA stack components have been upgraded to more\n recent upstream versions.\n \n This update also fixes the following bugs:\n \n * Previously, the "ibnodes -h" command did not show a proper usage message.\n With this update the problem is fixed and "ibnodes -h" now shows the\n correct usage message. (BZ#818606)\n \n * Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\n hardware's physical state as invalid even when the device was working. For\n iWARP hardware, the phys_state field has no meaning. This update patches\n the utility to not print out anything for this field when the hardware is\n iWARP hardware. 
(BZ#822781)\n \n * Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\n the InfiniBand device files in the wrong place and a udev rules file was\n used to force the devices to be created in the proper place. With the\n update to 6.3, the kernel was fixed to create the InfiniBand device files\n in the proper place, and so the udev rules file was removed as no longer\n being necessary. However, a bug in the kernel device creation meant that,\n although the devices were now being created in the right place, they had\n incorrect permissions. Consequently, when users attempted to run an RDMA\n application as a non-root user, the application failed to get the necessary\n permissions to use the RDMA device and the application terminated. This\n update puts a new udev rules file in place. It no longer attempts to create\n the InfiniBand devices since they already exist, but it does correct the\n device permissions on the files. (BZ#834428)\n \n * Previously, using the "perfquery -C" command with a host name caused the\n per ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"librdmacm on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019383.html\");\n script_id(881648);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:42 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-4517\", \"CVE-2012-4518\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0509\");\n script_name(\"CentOS Update for librdmacm CESA-2013:0509 centos6 \");\n\n script_summary(\"Check for the Version of librdmacm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"librdmacm\", rpm:\"librdmacm~1.0.17~0.git4b5c1aa.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm-devel\", rpm:\"librdmacm-devel~1.0.17~0.git4b5c1aa.el6\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm-static\", rpm:\"librdmacm-static~1.0.17~0.git4b5c1aa.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"librdmacm-utils\", rpm:\"librdmacm-utils~1.0.17~0.git4b5c1aa.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:01", "bulletinFamily": "unix", "description": "ibacm\n[1.0.8-0.git7a3adb7]\n- Update to latest upstream via git repo\n- Resolves: bz866222, bz866223\nibsim\n[0.5-7]\n- Bump and rebuild against latest opensm\n- Related: bz756396\nibutils\n[1.5.7-7]\n- Bump and rebuild against latest opensm\n- Related: bz756396\ninfiniband-diags\n[1.5.12-5]\n- Bump and rebuild against latest opensm\n- Pick up fixes done for rhel5.9\n- Related: bz756396\n[1.5.12-4]\n- Update the all_hcas patch to resolve several problems\n- Give a simple help message to the ibnodes script\n- Resolves: bz818606, bz847129\ninfinipath-psm\n[3.0.1-115.1015_open.1]\n- New upstream releas\n Resolves: rhbz818789\nlibibmad\n[1.3.9-1]\n- Update to latest upstream version (more SRIOV support)\n- Related: bz756396\n[1.3.8-1]\n- Update to latest upstream version (for FDR link speed support)\n- Related: bz750609\n[1.3.7-1]\n- Update to latest upstream version (1.3.4 -> 1.3.7)\n- Related: bz725016\n[1.3.4-1]\n- New upstream version\n[1.3.3-2]\n- ExcludeArch s390(x) as there's no hardware support there\n[1.3.3-1]\n- Update to latest upstream release\n[1.3.2-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n[1.3.2-1]\n- Update to latest upstream version\n- Require the same version of libibumad as our version\n[1.3.1-1]\n- Update to latest upstream version\n[1.2.0-3]\n- Rebuilt against libtool 
2.2\n[1.2.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[1.2.0-1]\n- Initial package for Fedora review process\nlibibumad\n[1.3.8-1]\n- Update to latest upstream release (more SRIOV support)\n- Related: bz756396\n[1.3.7-1]\n- Update to latest upstream version (1.3.4 -> 1.3.7)\n- Related: bz725016\n[1.3.4-1]\n- New upstream release\n[1.3.3-2]\n- ExcludeArch s390(x) as there is no hardware support there\n[1.3.3-1]\n- Update to latest upstream version\n[1.3.2-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n[1.3.2-2]\n- Forgot to remove both instances of the libibcommon requires\n- Add build requires on glibc-static\n[1.3.2-1]\n- Update to latest upstream version\n- Remove requirement on libibcommon since that library is no longer needed\n- Fix a problem with man page listing\n[1.3.1-1]\n- Update to latest upstream version\n[1.2.0-3]\n- Rebuilt against libtool 2.2\n[1.2.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[1.2.0-1]\n- Initial package for Fedora review process\nlibibverbs\n[1.1.6-5]\n- Don't print link state on iWARP links as it's always invalid\n- Don't try to do ud transfers in excess of port MTU\n- Resolves: bz822781\nlibmlx4\n[1.0.4-1]\n- Update to latest upstream version\n- Related: bz756396\nlibrdmacm\n[1.0.17-0.git4b5c1aa]\n- Pre-release version of 1.0.17\n- Resolves a CVE vulnerability between librdmacm and ibacm\n- Fixes various minor bugs in sample programs\n- Resolves: bz866221, bz816074\nopensm\n[3.3.15-1]\n- Update to latest upstream source (adds more SRIOV support)\n- Fix init script when no config files are present\n- Related: bz756396\n[3.3.13-1]\n- Update to latest upstream release\n- Add patch to support specifying subnet_prefix on command lien\n- Update init script to pass unique subnet_prefix's when using the GUID\n method of starting multiple instances\n- Fix up LSB init script headers\n- Resolves: bz754196\n[3.3.12-1]\n- Generate the opensm.conf file 
instead of shipping a static one as a source\n- Update to latest upstream release (FDR link speed support)\n- Resolves: bz750609\n[3.3.9-1]\n- Update to latest upstream version (3.3.5 -> 3.3.9)\n- Add /etc/sysconfig/opensm for use by opensm init script\n- Enable the ability to start more than one instance of opensm for multiple\n fabric support\n- Enable the ability to start opensm with a priority other than default for\n support of backup opensm instances\n- Related: bz725016\n- Resolves: bz633392\n[3.3.5-1]\n- Update to latest upstream release. We need various defines in ib_types.h\n for the latest ibutils package to build properly, and the latest ibutils\n package is needed because we found licensing problems in the older\n tarballs during review.\n[3.3.3-2]\n- ExcludeArch s390(x) as there's no hardware support there\n[3.3.3-1]\n- Update to latest upstream release\n- Minor tweaks to init script for LSB compliance\n[3.3.2-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n[3.3.2-1]\n- Update to latest upstream version\n[3.3.1-1]\n- Update to latest upstream version\n[3.2.1-3]\n- fix bare elifs to rebuild\n[3.2.1-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[3.2.1-1]\n- Initial package for Fedora review process\nrdma\n[3.6-1.0.2]\n- Add SDP to rdma.conf and rdma.init\n[3.6-1.0.1]\n- Support Mellanox OFED 1.5.5\n[3.6-1]\n- Bump version to match final kernel submission\n[3.6-0.rc5.1]\n- Bump version to match kernel update submitted for rhel6.4", "modified": "2013-02-22T00:00:00", "published": "2013-02-22T00:00:00", "id": "ELSA-2013-0509", "href": "http://linux.oracle.com/errata/ELSA-2013-0509.html", "title": "rdma security, bug fix and enhancement update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:01", "bulletinFamily": "unix", "description": "Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP\nutilities, 
libraries and development packages for writing applications\nthat use Remote Direct Memory Access (RDMA) technology.\n\nA denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. An attacker could send specially-crafted\nmulticast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with world-writable\npermissions. A local attacker could use this flaw to overwrite the\ncontents of the ibacm.log or ibacm.port file, allowing them to mask\ncertain actions from the log or cause ibacm to run on a non-default port.\n(CVE-2012-4518)\n\nCVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\nSecurity Team and Kurt Seifried of the Red Hat Security Response Team.\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs:\n\n* Previously, the \"ibnodes -h\" command did not show a proper usage message.\nWith this update the problem is fixed and \"ibnodes -h\" now shows the\ncorrect usage message. (BZ#818606)\n\n* Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\nhardware's physical state as invalid even when the device was working. For\niWARP hardware, the phys_state field has no meaning. This update patches\nthe utility to not print out anything for this field when the hardware is\niWARP hardware. (BZ#822781)\n\n* Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\nthe InfiniBand device files in the wrong place and a udev rules file was\nused to force the devices to be created in the proper place. With the\nupdate to 6.3, the kernel was fixed to create the InfiniBand device files\nin the proper place, and so the udev rules file was removed as no longer\nbeing necessary. 
However, a bug in the kernel device creation meant that,\nalthough the devices were now being created in the right place, they had\nincorrect permissions. Consequently, when users attempted to run an RDMA\napplication as a non-root user, the application failed to get the necessary\npermissions to use the RDMA device and the application terminated. This\nupdate puts a new udev rules file in place. It no longer attempts to create\nthe InfiniBand devices since they already exist, but it does correct the\ndevice permissions on the files. (BZ#834428)\n\n* Previously, using the \"perfquery -C\" command with a host name caused the\nperfquery utility to become unresponsive. The list of controllers to\nprocess was never cleared and the process looped infinitely on a single\ncontroller. A patch has been applied to make sure that in the case where\nthe user passes in the -C option, the controller list is cleared out once\nthat controller has been processed. As a result, perfquery now works as\nexpected in the scenario described. (BZ#847129)\n\n* The OpenSM init script did not handle the case where there were no\nconfiguration files under \"/etc/rdma/opensm.conf.*\". With this update, the\nscript has been patched and the InfiniBand Subnet Manager, OpenSM, now\nstarts as expected in the scenario described. (BZ#862857)\n\nThis update also adds the following enhancement:\n\n* This update provides an updated mlx4_ib Mellanox driver which includes\nSingle Root I/O Virtualization (SR-IOV) support. 
(BZ#869737)\n\nAll users of RDMA are advised to upgrade to these updated packages, which\nfix these issues and add this enhancement.\n", "modified": "2018-06-06T20:24:11", "published": "2013-02-21T05:00:00", "id": "RHSA-2013:0509", "href": "https://access.redhat.com/errata/RHSA-2013:0509", "type": "redhat", "title": "(RHSA-2013:0509) Low: rdma security, bug fix and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:33:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0509\n\n\nRed Hat Enterprise Linux includes a collection of InfiniBand and iWARP\nutilities, libraries and development packages for writing applications\nthat use Remote Direct Memory Access (RDMA) technology.\n\nA denial of service flaw was found in the way ibacm managed reference\ncounts for multicast connections. An attacker could send specially-crafted\nmulticast packets that would cause the ibacm daemon to crash.\n(CVE-2012-4517)\n\nIt was found that the ibacm daemon created some files with world-writable\npermissions. A local attacker could use this flaw to overwrite the\ncontents of the ibacm.log or ibacm.port file, allowing them to mask\ncertain actions from the log or cause ibacm to run on a non-default port.\n(CVE-2012-4518)\n\nCVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product\nSecurity Team and Kurt Seifried of the Red Hat Security Response Team.\n\nThe InfiniBand/iWARP/RDMA stack components have been upgraded to more\nrecent upstream versions.\n\nThis update also fixes the following bugs:\n\n* Previously, the \"ibnodes -h\" command did not show a proper usage message.\nWith this update the problem is fixed and \"ibnodes -h\" now shows the\ncorrect usage message. (BZ#818606)\n\n* Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3\nhardware's physical state as invalid even when the device was working. 
For\niWARP hardware, the phys_state field has no meaning. This update patches\nthe utility to not print out anything for this field when the hardware is\niWARP hardware. (BZ#822781)\n\n* Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created\nthe InfiniBand device files in the wrong place and a udev rules file was\nused to force the devices to be created in the proper place. With the\nupdate to 6.3, the kernel was fixed to create the InfiniBand device files\nin the proper place, and so the udev rules file was removed as no longer\nbeing necessary. However, a bug in the kernel device creation meant that,\nalthough the devices were now being created in the right place, they had\nincorrect permissions. Consequently, when users attempted to run an RDMA\napplication as a non-root user, the application failed to get the necessary\npermissions to use the RDMA device and the application terminated. This\nupdate puts a new udev rules file in place. It no longer attempts to create\nthe InfiniBand devices since they already exist, but it does correct the\ndevice permissions on the files. (BZ#834428)\n\n* Previously, using the \"perfquery -C\" command with a host name caused the\nperfquery utility to become unresponsive. The list of controllers to\nprocess was never cleared and the process looped infinitely on a single\ncontroller. A patch has been applied to make sure that in the case where\nthe user passes in the -C option, the controller list is cleared out once\nthat controller has been processed. As a result, perfquery now works as\nexpected in the scenario described. (BZ#847129)\n\n* The OpenSM init script did not handle the case where there were no\nconfiguration files under \"/etc/rdma/opensm.conf.*\". With this update, the\nscript has been patched and the InfiniBand Subnet Manager, OpenSM, now\nstarts as expected in the scenario described. 
(BZ#862857)\n\nThis update also adds the following enhancement:\n\n* This update provides an updated mlx4_ib Mellanox driver which includes\nSingle Root I/O Virtualization (SR-IOV) support. (BZ#869737)\n\nAll users of RDMA are advised to upgrade to these updated packages, which\nfix these issues and add this enhancement.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019346.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019347.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019348.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019350.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019373.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019374.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019375.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019380.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019383.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019457.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019488.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000534.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000535.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000536.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000538.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000539.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000565.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000566.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000570.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000573.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000648.html\nhttp://list
s.centos.org/pipermail/centos-cr-announce/2013-February/000679.html\n\n**Affected packages:**\nibacm\nibacm-devel\nibsim\nibutils\nibutils-devel\nibutils-libs\ninfiniband-diags\ninfiniband-diags-devel\ninfiniband-diags-devel-static\ninfinipath-psm\ninfinipath-psm-devel\nlibibmad\nlibibmad-devel\nlibibmad-static\nlibibumad\nlibibumad-devel\nlibibumad-static\nlibibverbs\nlibibverbs-devel\nlibibverbs-devel-static\nlibibverbs-utils\nlibmlx4\nlibmlx4-static\nlibrdmacm\nlibrdmacm-devel\nlibrdmacm-static\nlibrdmacm-utils\nopensm\nopensm-devel\nopensm-libs\nopensm-static\nrdma\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0509.html", "modified": "2013-03-09T00:42:43", "published": "2013-02-27T19:35:22", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-February/000534.html", "id": "CESA-2013:0509", "title": "ibacm, ibsim, ibutils, infiniband, infinipath, libibmad, libibumad, libibverbs, libmlx4, librdmacm, opensm, rdma security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}