Bug 457935 (CVE-2008-3277) - CVE-2008-3277 ibutils: insecure relative RPATH
Summary: CVE-2008-3277 ibutils: insecure relative RPATH
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-3277
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Infiniband QE
URL:
Whiteboard:
Depends On: 768400
Blocks: 742493
TreeView+ depends on / blocked
 
Reported: 2008-08-05 16:08 UTC by Tomas Hoger
Modified: 2019-09-29 12:26 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-21 08:20:47 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0311 0 normal SHIPPED_LIVE Low: ibutils security and bug fix update 2012-02-21 07:25:06 UTC

Description Tomas Hoger 2008-08-05 16:08:59 UTC 
ibutils packages as shipped in Red Hat Enterprise Linux 4 and 5 are built to use insecure RPATH set in the ELF header of the ibmssh command.

This issue can possibly be exploited by a local attacker to run arbitrary code as some other user if victim user can be convinced to run ibmssh command in an attacker controlled directory with specially crafted content.

Affected binary: /usr/bin/ibmssh
RPATH: refix/lib
Comment 1 Tomas Hoger 2008-08-05 16:11:51 UTC 
Problem seems to be caused by pretty obvious issue in ibmgtsim/src/Makefile.* - $prefix is used instead of $(prefix).
Comment 3 Doug Ledford 2011-08-09 17:02:26 UTC 
ibutils-1.5.7-2.el6 fixes this issue in rhel6 at least.
Comment 10 errata-xmlrpc 2012-02-21 03:24:08 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0311 https://rhn.redhat.com/errata/RHSA-2012-0311.html
Note You need to log in before you can comment on or make changes to this bug.