CVE-2013-2561: Link Following in Ibutils

CWE-59: Link Following | 6 documents | 6 sources
Severity: 6.3 MEDIUM (NVD)
EPSS: 0.1% (top 77.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 23; Latest update May 14

Description

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.

CVSS vector

AV:L/AC:M/C:N/I:C/A:C
Exploitability: 3.4 | Impact: 9.2

Affected Packages (3 packages)

Debian: openfabrics/ibutils < 1.5.7-2+3
debian: debian/ibutils < ibutils 1.5.7-2 (bookworm)

Also affects: Enterprise Linux 6.0

🔴 Vulnerability Details (2)

GHSA: GHSA-4q9r-mj23-g4vq: OpenFabrics ibutils 1 (2022-05-14)
OSV: CVE-2013-2561: OpenFabrics ibutils 1 (2013-11-23)

📋 Vendor Advisories (2)

Red Hat: ibutils: insecure handling of files in the /tmp directory (2013-03-06)
Debian: CVE-2013-2561: ibutils - OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a ... (2013)

💬 Community (1)

Bugzilla: CVE-2013-2561 ibutils: insecure handling of files in the /tmp directory (2013-03-25)