Openfabrics : Security Vulnerabilities, CVEs,

CVE-2013-2561

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
Max CVSS
6.3
EPSS Score
0.04%
Published
2013-11-23
Updated
2019-04-22

CVE-2012-4518

ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.
Max CVSS
3.6
EPSS Score
0.04%
Published
2012-10-22
Updated
2023-02-13

CVE-2012-4517

ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response.
Max CVSS
5.0
EPSS Score
3.76%
Published
2012-10-22
Updated
2023-02-13

CVE-2012-4516

librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service.
Max CVSS
5.8
EPSS Score
0.48%
Published
2012-10-22
Updated
2023-02-13

CVE-2011-3345

ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-09-19
Updated
2023-02-13

CVE-2010-4173

The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2010-11-22
Updated
2010-11-30

CVE-2010-1693

openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file.
Max CVSS
6.3
EPSS Score
0.04%
Published
2010-10-26
Updated
2017-08-17

CVE-2008-3277

Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.
Max CVSS
4.4
EPSS Score
0.04%
Published
2014-04-15
Updated
2019-04-22
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close