6.3

CVE-2013-2561

Exploit
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version6.0
OpenfabricsIbutils Version1.5.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.48% 0.373
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.3 3.4 9.2
AV:L/AC:M/Au:N/C:N/I:C/A:C
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://rhn.redhat.com/errata/RHSA-2013-1661.html
Vendor Advisory
http://seclists.org/fulldisclosure/2013/Mar/87
Exploit
http://www.openwall.com/lists/oss-security/2013/03/19/8
http://www.openwall.com/lists/oss-security/2013/03/26/1
http://www.openwall.com/lists/oss-security/2013/03/26/11
http://www.openwall.com/lists/oss-security/2013/03/26/4
http://www.securityfocus.com/bid/58335
https://bugzilla.redhat.com/show_bug.cgi?id=927430