Lucene search

Ubuntu.comUB:CVE-2010-1693

HistoryOct 26, 2010 - 12:00 a.m.

CVE-2010-1693

2010-10-2600:00:00

ubuntu.com

6.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local
users to overwrite arbitrary files via a symlink attack on the
/tmp/ib_set_node_desc.sh temporary file.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541849>

Notes

Author	Note
jdstrand	this script is actually in ofa-kernel, not OFED. Currently, there is an ITP bug on ofa-kernel, but it is not in Debian or Ubuntu yet. Fix is in ofa_1_5_kernel/…/ofed_scripts/openibd from 2010-10-28 (see References).

References

www.openfabrics.org/downloads/ofa_1_5_kernel/

www.openfabrics.org/downloads/ofa_1_5_kernel/ofa_1_5_kernel-20101028-0200/ofed_scripts/openibd

launchpad.net/bugs/cve/CVE-2010-1693

nvd.nist.gov/vuln/detail/CVE-2010-1693

security-tracker.debian.org/tracker/CVE-2010-1693

www.cve.org/CVERecord?id=CVE-2010-1693

6.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2010-1693