Vulnerabilities > CVE-2013-2561 - Link Following vulnerability in multiple products

CVSS 6.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

redhat

openfabrics

CWE-59

nessus

NVD

Published: 2013-11-23

Updated: 2019-04-22

Summary

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 6.0	1
Application	Openfabrics Openfabrics Ibutils 1.5.7	1

Common Weakness Enumeration (CWE)

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Common Attack Pattern Enumeration and Classification (CAPEC)

Symlink Attack
An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
Manipulating Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-1661.NASL
description	From Red Hat Security Advisory 2013:1661 : Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Linux includes a collection of Infiniband and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access (RDMA) technology. A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2561) It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications. (CVE-2012-4516) The CVE-2012-4516 issue was discovered by Florian Weimer of the Red Hat Product Security Team. This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions : * libibverbs-1.1.7 * libmlx4-1.0.5 * librdmacm-1.0.17 * mstflint-3.0 * perftest-2.0 * qperf-0.4.9 * rdma-3.10 Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages. The most notable changes in these updated packages from the RDMA stack are the following : * Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations. * The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds. * Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs. * The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware. * A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages. All RDMA users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
last seen	2020-06-01
modified	2020-06-02
plugin id	71110
published	2013-11-27
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71110
title	Oracle Linux 6 : RDMA / stack (ELSA-2013-1661)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:1661 and # Oracle Linux Security Advisory ELSA-2013-1661 respectively. # include("compat.inc"); if (description) { script_id(71110); script_version("1.10"); script_cvs_date("Date: 2019/09/30 10:58:18"); script_cve_id("CVE-2012-4516", "CVE-2013-2561"); script_bugtraq_id(55896, 58335); script_xref(name:"RHSA", value:"2013:1661"); script_name(english:"Oracle Linux 6 : RDMA / stack (ELSA-2013-1661)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2013:1661 : Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Linux includes a collection of Infiniband and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access (RDMA) technology. A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2561) It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications. (CVE-2012-4516) The CVE-2012-4516 issue was discovered by Florian Weimer of the Red Hat Product Security Team. This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions : * libibverbs-1.1.7 * libmlx4-1.0.5 * librdmacm-1.0.17 * mstflint-3.0 * perftest-2.0 * qperf-0.4.9 * rdma-3.10 Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages. The most notable changes in these updated packages from the RDMA stack are the following : * Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations. * The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds. * Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs. * The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware. * A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages. All RDMA users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2013-November/003816.html" ); script_set_attribute( attribute:"solution", value:"Update the affected rdma and / or stack packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ibutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ibutils-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ibutils-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:infinipath-psm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:infinipath-psm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libibverbs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libibverbs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libibverbs-devel-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libibverbs-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libmlx4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libmlx4-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:librdmacm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:librdmacm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:librdmacm-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:librdmacm-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mpitests-mvapich"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mpitests-mvapich-psm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mpitests-mvapich2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mpitests-mvapich2-psm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mpitests-openmpi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mstflint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openmpi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openmpi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perftest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qperf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rdma"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/22"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"ibutils-1.5.7-8.el6")) flag++; if (rpm_check(release:"EL6", reference:"ibutils-devel-1.5.7-8.el6")) flag++; if (rpm_check(release:"EL6", reference:"ibutils-libs-1.5.7-8.el6")) flag++; if (rpm_check(release:"EL6", cpu:"x86_64", reference:"infinipath-psm-3.0.1-115.1015_open.2.el6")) flag++; if (rpm_check(release:"EL6", cpu:"x86_64", reference:"infinipath-psm-devel-3.0.1-115.1015_open.2.el6")) flag++; if (rpm_check(release:"EL6", reference:"libibverbs-1.1.7-1.el6")) flag++; if (rpm_check(release:"EL6", reference:"libibverbs-devel-1.1.7-1.el6")) flag++; if (rpm_check(release:"EL6", reference:"libibverbs-devel-static-1.1.7-1.el6")) flag++; if (rpm_check(release:"EL6", reference:"libibverbs-utils-1.1.7-1.el6")) flag++; if (rpm_check(release:"EL6", reference:"libmlx4-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"EL6", reference:"libmlx4-static-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"EL6", reference:"librdmacm-1.0.17-1.el6")) flag++; if (rpm_check(release:"EL6", reference:"librdmacm-devel-1.0.17-1.el6")) flag++; if (rpm_check(release:"EL6", reference:"librdmacm-static-1.0.17-1.el6")) flag++; if (rpm_check(release:"EL6", reference:"librdmacm-utils-1.0.17-1.el6")) flag++; if (rpm_check(release:"EL6", reference:"mpitests-mvapich-3.2-9.el6")) flag++; if (rpm_check(release:"EL6", cpu:"x86_64", reference:"mpitests-mvapich-psm-3.2-9.el6")) flag++; if (rpm_check(release:"EL6", reference:"mpitests-mvapich2-3.2-9.el6")) flag++; if (rpm_check(release:"EL6", cpu:"x86_64", reference:"mpitests-mvapich2-psm-3.2-9.el6")) flag++; if (rpm_check(release:"EL6", reference:"mpitests-openmpi-3.2-9.el6")) flag++; if (rpm_check(release:"EL6", reference:"mstflint-3.0-0.6.g6961daa.1.el6")) flag++; if (rpm_check(release:"EL6", reference:"openmpi-1.5.4-2.0.1.el6")) flag++; if (rpm_check(release:"EL6", reference:"openmpi-devel-1.5.4-2.0.1.el6")) flag++; if (rpm_check(release:"EL6", reference:"perftest-2.0-2.el6")) flag++; if (rpm_check(release:"EL6", reference:"qperf-0.4.9-1.0.1.el6")) flag++; if (rpm_check(release:"EL6", reference:"rdma-3.10-3.0.1.el6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ibutils / ibutils-devel / ibutils-libs / infinipath-psm / etc"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-1661.NASL
description	Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Linux includes a collection of Infiniband and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access (RDMA) technology. A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2561) It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications. (CVE-2012-4516) The CVE-2012-4516 issue was discovered by Florian Weimer of the Red Hat Product Security Team. This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions : * libibverbs-1.1.7 * libmlx4-1.0.5 * librdmacm-1.0.17 * mstflint-3.0 * perftest-2.0 * qperf-0.4.9 * rdma-3.10 Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages. The most notable changes in these updated packages from the RDMA stack are the following : * Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations. * The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds. * Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs. * The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware. * A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages. All RDMA users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
last seen	2020-06-01
modified	2020-06-02
plugin id	71015
published	2013-11-21
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71015
title	RHEL 6 : RDMA stack (RHSA-2013:1661)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:1661. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(71015); script_version("1.15"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2012-4516", "CVE-2013-2561"); script_bugtraq_id(55896, 58335); script_xref(name:"RHSA", value:"2013:1661"); script_name(english:"RHEL 6 : RDMA stack (RHSA-2013:1661)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Linux includes a collection of Infiniband and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access (RDMA) technology. A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2561) It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications. (CVE-2012-4516) The CVE-2012-4516 issue was discovered by Florian Weimer of the Red Hat Product Security Team. This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions : * libibverbs-1.1.7 * libmlx4-1.0.5 * librdmacm-1.0.17 * mstflint-3.0 * perftest-2.0 * qperf-0.4.9 * rdma-3.10 Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages. The most notable changes in these updated packages from the RDMA stack are the following : * Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations. * The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds. * Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs. * The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware. * A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages. All RDMA users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:1661" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-2561" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-4516" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ibutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ibutils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ibutils-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ibutils-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinipath-psm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinipath-psm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:infinipath-psm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libibverbs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libibverbs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libibverbs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libibverbs-devel-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libibverbs-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libmlx4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libmlx4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libmlx4-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librdmacm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librdmacm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librdmacm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librdmacm-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librdmacm-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mpitests-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mpitests-mvapich"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mpitests-mvapich-psm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mpitests-mvapich2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mpitests-mvapich2-psm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mpitests-openmpi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mstflint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mstflint-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmpi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmpi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmpi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perftest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perftest-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qperf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qperf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rdma"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/22"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:1661"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ibutils-1.5.7-8.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ibutils-1.5.7-8.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ibutils-debuginfo-1.5.7-8.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ibutils-debuginfo-1.5.7-8.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ibutils-devel-1.5.7-8.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ibutils-devel-1.5.7-8.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ibutils-libs-1.5.7-8.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ibutils-libs-1.5.7-8.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"infinipath-psm-3.0.1-115.1015_open.2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"infinipath-psm-devel-3.0.1-115.1015_open.2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libibverbs-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libibverbs-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libibverbs-debuginfo-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libibverbs-debuginfo-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libibverbs-devel-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libibverbs-devel-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libibverbs-devel-static-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libibverbs-devel-static-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libibverbs-utils-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libibverbs-utils-1.1.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libmlx4-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libmlx4-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libmlx4-debuginfo-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libmlx4-debuginfo-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libmlx4-static-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libmlx4-static-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"librdmacm-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"librdmacm-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"librdmacm-debuginfo-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"librdmacm-debuginfo-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"librdmacm-devel-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"librdmacm-devel-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"librdmacm-static-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"librdmacm-static-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"librdmacm-utils-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"librdmacm-utils-1.0.17-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mpitests-debuginfo-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mpitests-debuginfo-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mpitests-mvapich-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mpitests-mvapich-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mpitests-mvapich-psm-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mpitests-mvapich2-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mpitests-mvapich2-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mpitests-mvapich2-psm-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mpitests-openmpi-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mpitests-openmpi-3.2-9.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mstflint-3.0-0.6.g6961daa.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mstflint-3.0-0.6.g6961daa.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mstflint-debuginfo-3.0-0.6.g6961daa.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mstflint-debuginfo-3.0-0.6.g6961daa.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openmpi-1.5.4-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openmpi-1.5.4-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openmpi-debuginfo-1.5.4-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openmpi-debuginfo-1.5.4-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openmpi-devel-1.5.4-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openmpi-devel-1.5.4-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perftest-2.0-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perftest-2.0-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perftest-debuginfo-2.0-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perftest-debuginfo-2.0-2.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"qperf-0.4.9-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qperf-0.4.9-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"qperf-debuginfo-0.4.9-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qperf-debuginfo-0.4.9-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rdma-3.10-3.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ibutils / ibutils-debuginfo / ibutils-devel / ibutils-libs / etc"); } }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20131121_RDMA_STACK_ON_SL6_X.NASL
description	A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2561) It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications. (CVE-2012-4516) This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions : Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages. The most notable changes in these updated packages from the RDMA stack are the following : - Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations. - The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds. - Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs. - The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware. - A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages.
last seen	2020-03-18
modified	2013-12-10
plugin id	71294
published	2013-12-10
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71294
title	Scientific Linux Security Update : RDMA stack on SL6.x i386/x86_64 (20131121)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(71294); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2012-4516", "CVE-2013-2561"); script_name(english:"Scientific Linux Security Update : RDMA stack on SL6.x i386/x86_64 (20131121)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2561) It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications. (CVE-2012-4516) This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions : Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages. The most notable changes in these updated packages from the RDMA stack are the following : - Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations. - The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds. - Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs. - The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware. - A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=2821 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9c449f74" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibutils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibutils-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibutils-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:infinipath-psm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:infinipath-psm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:infinipath-psm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libibverbs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libibverbs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libibverbs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libibverbs-devel-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libibverbs-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libmlx4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libmlx4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libmlx4-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:librdmacm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:librdmacm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:librdmacm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:librdmacm-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:librdmacm-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mpitests-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich-psm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich2-psm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mpitests-openmpi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mstflint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mstflint-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openmpi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openmpi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openmpi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perftest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perftest-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qperf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qperf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:rdma"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/22"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"ibutils-1.5.7-8.el6")) flag++; if (rpm_check(release:"SL6", reference:"ibutils-debuginfo-1.5.7-8.el6")) flag++; if (rpm_check(release:"SL6", reference:"ibutils-devel-1.5.7-8.el6")) flag++; if (rpm_check(release:"SL6", reference:"ibutils-libs-1.5.7-8.el6")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"infinipath-psm-3.0.1-115.1015_open.2.el6")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"infinipath-psm-devel-3.0.1-115.1015_open.2.el6")) flag++; if (rpm_check(release:"SL6", reference:"libibverbs-1.1.7-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"libibverbs-debuginfo-1.1.7-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"libibverbs-devel-1.1.7-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"libibverbs-devel-static-1.1.7-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"libibverbs-utils-1.1.7-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"libmlx4-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"SL6", reference:"libmlx4-debuginfo-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"SL6", reference:"libmlx4-static-1.0.5-4.el6.1")) flag++; if (rpm_check(release:"SL6", reference:"librdmacm-1.0.17-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"librdmacm-debuginfo-1.0.17-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"librdmacm-devel-1.0.17-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"librdmacm-static-1.0.17-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"librdmacm-utils-1.0.17-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"mpitests-debuginfo-3.2-9.el6")) flag++; if (rpm_check(release:"SL6", reference:"mpitests-mvapich-3.2-9.el6")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"mpitests-mvapich-psm-3.2-9.el6")) flag++; if (rpm_check(release:"SL6", reference:"mpitests-mvapich2-3.2-9.el6")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"mpitests-mvapich2-psm-3.2-9.el6")) flag++; if (rpm_check(release:"SL6", reference:"mpitests-openmpi-3.2-9.el6")) flag++; if (rpm_check(release:"SL6", reference:"mstflint-3.0-0.6.g6961daa.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"mstflint-debuginfo-3.0-0.6.g6961daa.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"openmpi-1.5.4-2.el6")) flag++; if (rpm_check(release:"SL6", reference:"openmpi-debuginfo-1.5.4-2.el6")) flag++; if (rpm_check(release:"SL6", reference:"openmpi-devel-1.5.4-2.el6")) flag++; if (rpm_check(release:"SL6", reference:"perftest-2.0-2.el6")) flag++; if (rpm_check(release:"SL6", reference:"perftest-debuginfo-2.0-2.el6")) flag++; if (rpm_check(release:"SL6", reference:"qperf-0.4.9-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"qperf-debuginfo-0.4.9-1.el6")) flag++; if (rpm_check(release:"SL6", reference:"rdma-3.10-3.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ibutils / ibutils-debuginfo / ibutils-devel / ibutils-libs / etc"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-1661.NASL
description	Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Linux includes a collection of Infiniband and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access (RDMA) technology. A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2561) It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications. (CVE-2012-4516) The CVE-2012-4516 issue was discovered by Florian Weimer of the Red Hat Product Security Team. This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions : * libibverbs-1.1.7 * libmlx4-1.0.5 * librdmacm-1.0.17 * mstflint-3.0 * perftest-2.0 * qperf-0.4.9 * rdma-3.10 Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages. The most notable changes in these updated packages from the RDMA stack are the following : * Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations. * The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds. * Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs. * The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware. * A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages. All RDMA users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
last seen	2020-06-01
modified	2020-06-02
plugin id	79172
published	2014-11-12
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/79172
title	CentOS 6 : ibutils / infinipath-psm / libibverbs / libmlx4 / librdmacm / mpitests / mstflint / etc (CESA-2013:1661)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2013-256.NASL
description	A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications.
last seen	2020-06-01
modified	2020-06-02
plugin id	71396
published	2013-12-14
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71396
title	Amazon Linux AMI : openmpi (ALAS-2013-256)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_IBUTILS-130710.NASL
description	Various tmp races in ibdiagnet of ibutils have been fixed that could have been used by local attackers on machines where infiband was debugged to gain privileges.
last seen	2020-06-05
modified	2013-07-14
plugin id	68874
published	2013-07-14
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/68874
title	SuSE 11.2 / 11.3 Security Update : ibutils (SAT Patch Numbers 8029 / 8030)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS11_IBUTILS_20140225.NASL
description	The remote Solaris system is missing necessary patches to address security updates : - OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/. (CVE-2013-2561)
last seen	2020-06-01
modified	2020-06-02
plugin id	80640
published	2015-01-19
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80640
title	Oracle Solaris Third-Party Patch Update : ibutils (cve_2013_2561_link_following)

Redhat

advisories

bugzilla

id	927430
title	CVE-2013-2561 ibutils: insecure handling of files in the /tmp directory

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment libibverbs-devel-static is earlier than 0:1.1.7-1.el6
oval oval:com.redhat.rhsa:tst:20131661001
comment libibverbs-devel-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509010

AND

comment libibverbs-devel is earlier than 0:1.1.7-1.el6
oval oval:com.redhat.rhsa:tst:20131661003
comment libibverbs-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509012

AND
comment libibverbs is earlier than 0:1.1.7-1.el6
oval oval:com.redhat.rhsa:tst:20131661005
comment libibverbs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509014

AND

comment libibverbs-utils is earlier than 0:1.1.7-1.el6
oval oval:com.redhat.rhsa:tst:20131661007
comment libibverbs-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509008

AND
comment rdma is earlier than 0:3.10-3.el6
oval oval:com.redhat.rhsa:tst:20131661009
comment rdma is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509006

AND

comment librdmacm-static is earlier than 0:1.0.17-1.el6
oval oval:com.redhat.rhsa:tst:20131661011
comment librdmacm-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509062

AND
comment librdmacm-devel is earlier than 0:1.0.17-1.el6
oval oval:com.redhat.rhsa:tst:20131661013
comment librdmacm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509060
AND
comment librdmacm is earlier than 0:1.0.17-1.el6
oval oval:com.redhat.rhsa:tst:20131661015
comment librdmacm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509064
AND
comment librdmacm-utils is earlier than 0:1.0.17-1.el6
oval oval:com.redhat.rhsa:tst:20131661017
comment librdmacm-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509058

AND

comment infinipath-psm-devel is earlier than 0:3.0.1-115.1015_open.2.el6
oval oval:com.redhat.rhsa:tst:20131661019
comment infinipath-psm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509002

AND

comment infinipath-psm is earlier than 0:3.0.1-115.1015_open.2.el6
oval oval:com.redhat.rhsa:tst:20131661021
comment infinipath-psm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509004

AND
comment openmpi is earlier than 0:1.5.4-2.el6
oval oval:com.redhat.rhsa:tst:20131661023
comment openmpi is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661024
AND
comment openmpi-devel is earlier than 0:1.5.4-2.el6
oval oval:com.redhat.rhsa:tst:20131661025
comment openmpi-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661026
AND
comment libmlx4-static is earlier than 0:1.0.5-4.el6.1
oval oval:com.redhat.rhsa:tst:20131661027
comment libmlx4-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509016
AND
comment libmlx4 is earlier than 0:1.0.5-4.el6.1
oval oval:com.redhat.rhsa:tst:20131661029
comment libmlx4 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509018
AND
comment qperf is earlier than 0:0.4.9-1.el6
oval oval:com.redhat.rhsa:tst:20131661031
comment qperf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661032
AND
comment mstflint is earlier than 0:3.0-0.6.g6961daa.1.el6
oval oval:com.redhat.rhsa:tst:20131661033
comment mstflint is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661034
AND
comment ibutils is earlier than 0:1.5.7-8.el6
oval oval:com.redhat.rhsa:tst:20131661035
comment ibutils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509040
AND
comment ibutils-libs is earlier than 0:1.5.7-8.el6
oval oval:com.redhat.rhsa:tst:20131661037
comment ibutils-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509042
AND
comment ibutils-devel is earlier than 0:1.5.7-8.el6
oval oval:com.redhat.rhsa:tst:20131661039
comment ibutils-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130509044

AND

comment mpitests-mvapich-psm is earlier than 0:3.2-9.el6
oval oval:com.redhat.rhsa:tst:20131661041
comment mpitests-mvapich-psm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661042

AND

comment mpitests-mvapich2-psm is earlier than 0:3.2-9.el6
oval oval:com.redhat.rhsa:tst:20131661043
comment mpitests-mvapich2-psm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661044

AND
comment mpitests-mvapich is earlier than 0:3.2-9.el6
oval oval:com.redhat.rhsa:tst:20131661045
comment mpitests-mvapich is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661046

AND

comment mpitests-mvapich2 is earlier than 0:3.2-9.el6
oval oval:com.redhat.rhsa:tst:20131661047
comment mpitests-mvapich2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661048

AND
comment mpitests-openmpi is earlier than 0:3.2-9.el6
oval oval:com.redhat.rhsa:tst:20131661049
comment mpitests-openmpi is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661050
AND
comment perftest is earlier than 0:2.0-2.el6
oval oval:com.redhat.rhsa:tst:20131661051
comment perftest is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131661052

rhsa

id	RHSA-2013:1661
released	2013-11-20
severity	Moderate
title	RHSA-2013:1661: RDMA stack security, bug fix, and enhancement update (Moderate)

rpms

ibutils-0:1.5.7-8.el6
ibutils-debuginfo-0:1.5.7-8.el6
ibutils-devel-0:1.5.7-8.el6
ibutils-libs-0:1.5.7-8.el6
infinipath-psm-0:3.0.1-115.1015_open.2.el6
infinipath-psm-debuginfo-0:3.0.1-115.1015_open.2.el6
infinipath-psm-devel-0:3.0.1-115.1015_open.2.el6
libibverbs-0:1.1.7-1.el6
libibverbs-debuginfo-0:1.1.7-1.el6
libibverbs-devel-0:1.1.7-1.el6
libibverbs-devel-static-0:1.1.7-1.el6
libibverbs-utils-0:1.1.7-1.el6
libmlx4-0:1.0.5-4.el6.1
libmlx4-debuginfo-0:1.0.5-4.el6.1
libmlx4-static-0:1.0.5-4.el6.1
librdmacm-0:1.0.17-1.el6
librdmacm-debuginfo-0:1.0.17-1.el6
librdmacm-devel-0:1.0.17-1.el6
librdmacm-static-0:1.0.17-1.el6
librdmacm-utils-0:1.0.17-1.el6
mpitests-debuginfo-0:3.2-9.el6
mpitests-mvapich-0:3.2-9.el6
mpitests-mvapich-psm-0:3.2-9.el6
mpitests-mvapich2-0:3.2-9.el6
mpitests-mvapich2-psm-0:3.2-9.el6
mpitests-openmpi-0:3.2-9.el6
mstflint-0:3.0-0.6.g6961daa.1.el6
mstflint-debuginfo-0:3.0-0.6.g6961daa.1.el6
openmpi-0:1.5.4-2.el6
openmpi-debuginfo-0:1.5.4-2.el6
openmpi-devel-0:1.5.4-2.el6
perftest-0:2.0-2.el6
perftest-debuginfo-0:2.0-2.el6
qperf-0:0.4.9-1.el6
qperf-debuginfo-0:0.4.9-1.el6
rdma-0:3.10-3.el6

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References