CVE-2008-3277

Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
openfabricsibutils
1.5.7-2
openfabricsibutils
1.2-11.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ibutils
sid
1.5.7+0.2.gbd7e502-3
fixed
bookworm
1.5.7+0.2.gbd7e502-3
fixed
bullseye
1.5.7+0.2.gbd7e502-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ibutils
oneiric
not-affected
natty
not-affected
maverick
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2012-0311.html
https://bugzilla.redhat.com/show_bug.cgi?id=457935
http://rhn.redhat.com/errata/RHSA-2012-0311.html
https://bugzilla.redhat.com/show_bug.cgi?id=457935