Detections
Analytics
Scientific Linux Security Update : RDMA stack on SL6.x i386/x86_64 (20131121)
medium Nessus Plugin ID 71294
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack.(CVE-2013-2561)
It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications.
(CVE-2012-4516)
This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions :
Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages.
The most notable changes in these updated packages from the RDMA stack are the following :
- Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations.
- The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds.
- Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs.
- The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware.
- A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 71294
File Name: sl_20131121_RDMA_stack_on_SL6_x.nasl
Version: 1.5
Type: local
Agent: unix
Published: 12/10/2013
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.3
Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:librdmacm-devel, p-cpe:/a:fermilab:scientific_linux:perftest-debuginfo, p-cpe:/a:fermilab:scientific_linux:libibverbs, p-cpe:/a:fermilab:scientific_linux:ibutils-libs, p-cpe:/a:fermilab:scientific_linux:infinipath-psm-debuginfo, p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich2-psm, p-cpe:/a:fermilab:scientific_linux:librdmacm-debuginfo, p-cpe:/a:fermilab:scientific_linux:librdmacm-static, p-cpe:/a:fermilab:scientific_linux:libmlx4-static, p-cpe:/a:fermilab:scientific_linux:infinipath-psm-devel, p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich-psm, p-cpe:/a:fermilab:scientific_linux:mpitests-openmpi, p-cpe:/a:fermilab:scientific_linux:infinipath-psm, p-cpe:/a:fermilab:scientific_linux:libmlx4, p-cpe:/a:fermilab:scientific_linux:openmpi-debuginfo, p-cpe:/a:fermilab:scientific_linux:librdmacm-utils, p-cpe:/a:fermilab:scientific_linux:libibverbs-devel-static, p-cpe:/a:fermilab:scientific_linux:librdmacm, p-cpe:/a:fermilab:scientific_linux:qperf-debuginfo, p-cpe:/a:fermilab:scientific_linux:qperf, p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich2, p-cpe:/a:fermilab:scientific_linux:ibutils-debuginfo, p-cpe:/a:fermilab:scientific_linux:libibverbs-utils, p-cpe:/a:fermilab:scientific_linux:openmpi-devel, p-cpe:/a:fermilab:scientific_linux:libibverbs-debuginfo, p-cpe:/a:fermilab:scientific_linux:mpitests-debuginfo, x-cpe:/o:fermilab:scientific_linux, p-cpe:/a:fermilab:scientific_linux:ibutils-devel, p-cpe:/a:fermilab:scientific_linux:rdma, p-cpe:/a:fermilab:scientific_linux:openmpi, p-cpe:/a:fermilab:scientific_linux:perftest, p-cpe:/a:fermilab:scientific_linux:libmlx4-debuginfo, p-cpe:/a:fermilab:scientific_linux:mpitests-mvapich, p-cpe:/a:fermilab:scientific_linux:mstflint, p-cpe:/a:fermilab:scientific_linux:libibverbs-devel, p-cpe:/a:fermilab:scientific_linux:ibutils, p-cpe:/a:fermilab:scientific_linux:mstflint-debuginfo
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 11/21/2013
Vulnerability Publication Date: 10/22/2012
Reference Information
CVE: CVE-2012-4516, CVE-2013-2561