Red Hat Bugzilla – Bug 457935
CVE-2008-3277 ibutils: insecure relative RPATH
Last modified: 2012-02-21 03:21:22 EST
ibutils packages as shipped in Red Hat Enterprise Linux 4 and 5 are built to use insecure RPATH set in the ELF header of the ibmssh command.
This issue can possibly be exploited by a local attacker to run arbitrary code as some other user if victim user can be convinced to run ibmssh command in an attacker controlled directory with specially crafted content.
Affected binary: /usr/bin/ibmssh
Problem seems to be caused by pretty obvious issue in ibmgtsim/src/Makefile.* - $prefix is used instead of $(prefix).
ibutils-1.5.7-2.el6 fixes this issue in rhel6 at least.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:0311 https://rhn.redhat.com/errata/RHSA-2012-0311.html