CVE-2008-3277 — Path Traversal in Ibutils

CWE-22 — Path Traversal5 documents5 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 70.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openfabrics Ibutils Debian Ibutils

Timeline

PublishedApr 15

Latest updateMay 1

Description

Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/ibutils

▶NVDopenfabrics/ibutils1.2-11.2, 1.5.7-2+1

🔴Vulnerability Details

GHSA

GHSA-jc8q-w279-7g62: Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1↗2022-05-01

▶

📋Vendor Advisories

Red Hat

ibutils: insecure relative RPATH↗2008-06-12

▶

Debian

CVE-2008-3277: ibutils - Untrusted search path vulnerability in a certain Red Hat build script for the ib...↗2008

▶

💬Community

Bugzilla

CVE-2008-3277 ibutils: insecure relative RPATH↗2008-08-05

▶