This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 457935 - (CVE-2008-3277) CVE-2008-3277 ibutils: insecure relative RPATH
CVE-2008-3277 ibutils: insecure relative RPATH
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
Infiniband QE
impact=low,public=20080612,reported=2...
: Security
Depends On: 768400
Blocks: 742493
  Show dependency treegraph
 
Reported: 2008-08-05 12:08 EDT by Tomas Hoger
Modified: 2012-02-21 03:21 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-02-21 03:20:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-08-05 12:08:59 EDT
ibutils packages as shipped in Red Hat Enterprise Linux 4 and 5 are built to use insecure RPATH set in the ELF header of the ibmssh command.

This issue can possibly be exploited by a local attacker to run arbitrary code as some other user if victim user can be convinced to run ibmssh command in an attacker controlled directory with specially crafted content.

Affected binary: /usr/bin/ibmssh
RPATH: refix/lib
Comment 1 Tomas Hoger 2008-08-05 12:11:51 EDT
Problem seems to be caused by pretty obvious issue in ibmgtsim/src/Makefile.* - $prefix is used instead of $(prefix).
Comment 3 Doug Ledford 2011-08-09 13:02:26 EDT
ibutils-1.5.7-2.el6 fixes this issue in rhel6 at least.
Comment 10 errata-xmlrpc 2012-02-20 22:24:08 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0311 https://rhn.redhat.com/errata/RHSA-2012-0311.html

Note You need to log in before you can comment on or make changes to this bug.