6.3 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:C/A:C
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local
users to overwrite arbitrary files via a symlink attack on the
/tmp/ib_set_node_desc.sh temporary file.
Author | Note |
---|---|
jdstrand | this script is actually in ofa-kernel, not OFED. Currently, there is an ITP bug on ofa-kernel, but it is not in Debian or Ubuntu yet. Fix is in ofa_1_5_kernel/…/ofed_scripts/openibd from 2010-10-28 (see References). |
www.openfabrics.org/downloads/ofa_1_5_kernel/
www.openfabrics.org/downloads/ofa_1_5_kernel/ofa_1_5_kernel-20101028-0200/ofed_scripts/openibd
launchpad.net/bugs/cve/CVE-2010-1693
nvd.nist.gov/vuln/detail/CVE-2010-1693
security-tracker.debian.org/tracker/CVE-2010-1693
www.cve.org/CVERecord?id=CVE-2010-1693