Scientific Linux Security Update : RDMA stack on SL6.x i386/x86_64 (20131121)

medium Nessus Plugin ID 71294

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2561)

It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librdmacm applications. (CVE-2012-4516)

This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions:

Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages.

The most notable changes in these updated packages from the RDMA stack are the following:

- Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations.

- The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds.

- Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs.

- The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware.

- A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?9c449f74

Plugin Details

Severity: Medium

ID: 71294

File Name: sl_20131121_RDMA_stack_on_SL6_x.nasl

Version: 1.5

Type: local

Agent: unix

Published: 12/10/2013

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:librdmacm-devel, p-cpe:/a:fermilab:scientific_linux:perftest-debuginfo, p-cpe:/a:fermilab:scientific_linux:libibverbs, p-cpe:/a:fermilab:scientific_linux:ibutils-libs, p-cpe:/a:fermilab:scientific_linux:infinipath-psm-debuginfo, p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich2-psm, p-cpe:/a:fermilab:scientific_linux:librdmacm-debuginfo, p-cpe:/a:fermilab:scientific_linux:librdmacm-static, p-cpe:/a:fermilab:scientific_linux:libmlx4-static, p-cpe:/a:fermilab:scientific_linux:infinipath-psm-devel, p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich-psm, p-cpe:/a:fermilab:scientific_linux:mpitests-openmpi, p-cpe:/a:fermilab:scientific_linux:infinipath-psm, p-cpe:/a:fermilab:scientific_linux:libmlx4, p-cpe:/a:fermilab:scientific_linux:openmpi-debuginfo, p-cpe:/a:fermilab:scientific_linux:librdmacm-utils, p-cpe:/a:fermilab:scientific_linux:libibverbs-devel-static, p-cpe:/a:fermilab:scientific_linux:librdmacm, p-cpe:/a:fermilab:scientific_linux:qperf-debuginfo, p-cpe:/a:fermilab:scientific_linux:qperf, p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich2, p-cpe:/a:fermilab:scientific_linux:ibutils-debuginfo, p-cpe:/a:fermilab:scientific_linux:libibverbs-utils, p-cpe:/a:fermilab:scientific_linux:openmpi-devel, p-cpe:/a:fermilab:scientific_linux:libibverbs-debuginfo, p-cpe:/a:fermilab:scientific_linux:mpitests-debuginfo, x-cpe:/o:fermilab:scientific_linux, p-cpe:/a:fermilab:scientific_linux:ibutils-devel, p-cpe:/a:fermilab:scientific_linux:rdma, p-cpe:/a:fermilab:scientific_linux:openmpi, p-cpe:/a:fermilab:scientific_linux:perftest, p-cpe:/a:fermilab:scientific_linux:libmlx4-debuginfo, p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich, p-cpe:/a:fermilab:scientific_linux:mstflint, p-cpe:/a:fermilab:scientific_linux:libibverbs-devel, p-cpe:/a:fermilab:scientific_linux:ibutils, p-cpe:/a:fermilab:scientific_linux:mstflint-debuginfo

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 11/21/2013

Vulnerability Publication Date: 10/22/2012

Reference Information

CVE: CVE-2012-4516, CVE-2013-2561