Oracle Solaris Third-Party Patch Update : ibutils (cve_2013_2561_link_following)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing the patches needed to address
the following security issue :

- OpenFabrics ibutils 1.5.7 allows local users to
overwrite arbitrary files via a symlink attack on (1)
ibdiagnet.db, (2) ibdiagnet.fdbs, (3)
ibdiagnet_ibis.log, (4) ibdiagnet.log, (5)
ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey,
(8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10)
ibdiagnet.sm in /tmp/. (CVE-2013-2561)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?95937094

Solution :

Upgrade to Solaris 11.1.16.5.0.

Risk factor :

Medium / CVSS Base Score : 6.3
(CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80640

Bugtraq ID:

CVE ID: CVE-2013-2561
