CVE-2013-2561

Priority
Description
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files
via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3)
ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6)
ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9)
ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.5.7-3ubuntu3)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.5.7-5ubuntu1)
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#hardlink
This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#symlink
More Information

Updated: 2019-09-19 14:15:21 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)