CVE-2010-1693

Publication date 26 October 2010

Last updated 24 July 2024

Description

openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ofa-kernel	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

this script is actually in ofa-kernel, not OFED. Currently, there is an ITP bug on ofa-kernel, but it is not in Debian or Ubuntu yet. Fix is in ofa_1_5_kernel/.../ofed_scripts/openibd from 2010-10-28 (see References).

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.openfabrics.org/downloads/ofa_1_5_kernel/
http://www.openfabrics.org/downloads/ofa_1_5_kernel/ofa_1_5_kernel-20101028-0200/ofed_scripts/openibd
https://www.cve.org/CVERecord?id=CVE-2010-1693