Upstream information

CVE-2010-1693 at MITRE

Description

openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.3
Vector AV:L/AC:M/Au:N/C:N/I:C/A:C
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 648551 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP2
  • ofed >= 1.5.2-0.22.23
  • ofed-doc >= 1.5.2-0.22.23
  • ofed-kmp-default >= 1.5.2_3.0.13_0.27-0.22.23
  • ofed-kmp-pae >= 1.5.2_3.0.13_0.27-0.22.23
  • ofed-kmp-ppc64 >= 1.5.2_3.0.13_0.27-0.22.23
  • ofed-kmp-trace >= 1.5.2_3.0.13_0.27-0.22.23
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA ofed
SUSE Linux Enterprise Server 11 SP3
  • ofed >= 1.5.4.1-0.11.5
  • ofed-doc >= 1.5.4.1-0.11.5
  • ofed-kmp-default >= 1.5.4.1_3.0.76_0.11-0.11.5
  • ofed-kmp-pae >= 1.5.4.1_3.0.76_0.11-0.11.5
  • ofed-kmp-ppc64 >= 1.5.4.1_3.0.76_0.11-0.11.5
  • ofed-kmp-trace >= 1.5.4.1_3.0.76_0.11-0.11.5
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA ofed
SUSE Linux Enterprise Server 11 SP4
  • ofed >= 1.5.4.1-20.26
  • ofed-doc >= 1.5.4.1-20.26
  • ofed-kmp-default >= 1.5.4.1_3.0.101_63-20.26
  • ofed-kmp-pae >= 1.5.4.1_3.0.101_63-20.26
  • ofed-kmp-ppc64 >= 1.5.4.1_3.0.101_63-20.26
  • ofed-kmp-trace >= 1.5.4.1_3.0.101_63-20.26
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA ofed
SUSE Linux Enterprise Software Development Kit 11 SP4
  • ofed-devel >= 1.5.4.1-20.26
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA ofed-devel