This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
A flaw was found in the way ibutils handled temporary files. A local
attacker could use this flaw to cause arbitrary files to be
overwritten as the root user via a symbolic link attack.
It was discovered that librdmacm used a static port to connect to the
ib_acm service. A local attacker able to run a specially crafted
ib_acm service on that port could use this flaw to provide incorrect
address resolution information to librmdacm applications.
This advisory updates the following packages to the latest upstream
releases, providing a number of bug fixes and enhancements over the
previous versions :
Several bugs have been fixed in the openmpi, mpitests, ibutils, and
The most notable changes in these updated packages from the RDMA stack
are the following :
- Multiple bugs in the Message Passing Interface (MPI)
test packages were resolved, allowing more of the
mpitest applications to pass on the underlying MPI
- The libmlx4 package now includes dracut module files to
ensure that any necessary custom configuration of mlx4
port types is included in the initramfs dracut builds.
- Multiple test programs in the perftest and qperf
packages now work properly over RoCE interfaces, or when
specifying the use of rdmacm queue pairs.
- The mstflint package has been updated to the latest
upstream version, which is now capable of burning
firmware on newly released Mellanox Connect-IB hardware.
- A compatibility problem between the openmpi and
infinipath-psm packages has been resolved with new
builds of these packages.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.3
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 71294 ()
CVE ID: CVE-2012-4516CVE-2013-2561
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.