OpenFabrics ibutils Insecure Temporary File Creation Vulnerability

Bugtraq ID:	58335
Class:	Design Error
CVE:	CVE-2013-2561
Remote:	No
Local:	Yes
Published:	Mar 06 2013 12:00AM
Updated:	Aug 30 2016 12:00PM
Credit:	Larry W. Cashdollar
Vulnerable:	Redhat Enterprise Linux Workstation Optional 6 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server Optional 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Oracle Solaris 11.3 Oracle Solaris 11.1 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 OpenFabrics Alliance ibutils 1.5.7
Not Vulnerable:	Oracle Solaris 11.3 SRU11.6

OpenFabrics ibutils Insecure Temporary File Creation Vulnerability

OpenFabrics ibutils is prone to an insecure temporary-file-creation vulnerability.



Local attackers may be able to perform symbolic-link attacks to overwrite arbitrary files in the context of the affected application and perform certain actions with root privileges. Other attacks may also be possible.

OpenFabrics ibutils Insecure Temporary File Creation Vulnerability

Attackers require local interactive access to exploit this issue.

OpenFabrics ibutils Insecure Temporary File Creation Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

OpenFabrics ibutils Insecure Temporary File Creation Vulnerability

References:

• ibutils Product Page (OpenFabrics Alliance)
  
• OpenFabrics Alliance Homepage (OpenFabrics Alliance)
  
• CVE-2013-2561 Link Following vulnerability in OpenFabrics ibutils (Oracle)
  
• Oracle Solaris Third Party Bulletin - July 2016 (Oracle)