
CVE-2013-2561

Published: 23/11/2013 Updated: 22/04/2019
CVSS v2 Base Score: 6.3 | Impact Score: 9.2 | Exploitability Score: 3.4
VMScore: 561
Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

Vulnerability Summary

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.

Vulnerable Product

redhat enterprise linux 6.0

openfabrics ibutils 1.5.7

Vendor Advisories

Synopsis: Moderate: RDMA stack security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add v ...
Debian Bug report logs - #704063 ibutils: CVE-2013-2561. Package: ibutils; Maintainer for ibutils is Debian HPC Team <debian-hpc@lists.debian.org>; Source for ibutils is src:ibutils. Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Wed, 27 Mar 2013 14:36:01 UTC. Severity: grave. Tags: securit ...
A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port c ...