Detections
Analytics

MiracleLinux 4 : ibutils-1.5.7-8.AXS4, libibverbs-1.1.7-1.AXS4, libmlx4-1.0.5-4.AXS4.1, librdmacm-1.0.17-1.AXS4, mpit (AXSA:2014-192:01)

medium Nessus Plugin ID 291517

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-192:01 advisory.

 ibutils: provides IB network and path diagnostics.
 infinipath-psm: The PSM Messaging API, or PSM API, is QLogic's low-level user-level communications interface for the Truescale family of products. PSM users are enabled with mechanisms necessary to implement higher level communications interfaces in parallel environments.
 libibverbs: libibverbs is a library that allows userspace processes to use RDMA verbs as described in the InfiniBand Architecture Specification and the RDMA Protocol Verbs Specification. This includes direct hardware access from userspace to InfiniBand/iWARP adapters (kernel bypass) for fast path operations. For this library to be useful, a device-specific plug-in module should also be installed.
 libmlx4: libmlx4 provides a device-specific userspace driver for Mellanox ConnectX HCAs for use with the libibverbs library.
 librdmacm: librdmacm provides a userspace RDMA Communication Managment API.
 mpitests: This package provides debug information for package mpitests. Debug information is useful when developing applications that use this package or when debugging this package.
 mstflint: This package contains a burning tool for Mellanox manufactured HCA cards. It also provides access to the relevant source code.
 openmpi: Open MPI is an open source, freely available implementation of both the MPI-1 and MPI-2 standards, combining technologies and resources from several other projects (FT-MPI, LA-MPI, LAM/MPI, and PACX-MPI) in order to build the best MPI library available. A completely new MPI-2 compliant implementation, Open MPI offers advantages for system and software vendors, application developers, and computer science researchers. For more information, see http://www.open-mpi.org/ .
 perftest: Perftest is a collection of simple test programs designed to utilize RDMA communications and provide performance numbers over those RDMA connections. It does not work on normal TCP/IP networks, only on RDMA networks.
 qperf: Measure socket and RDMA performance.
 rdma: User space initialization scripts for the kernel InfiniBand/iWARP drivers Security issues fixed with this release:
 CVE-2012-4516 librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service.
 CVE-2013-2561 OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/4691

Plugin Details

Severity: Medium

ID: 291517

File Name: miracle_linux_AXSA-2014-192.nasl

Version: 1.1

Type: local

Published: 1/19/2026

Updated: 1/19/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2013-2561

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:libibverbs, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:librdmacm-devel, p-cpe:/a:miracle:linux:librdmacm-utils, p-cpe:/a:miracle:linux:librdmacm, p-cpe:/a:miracle:linux:infinipath-psm, p-cpe:/a:miracle:linux:openmpi, p-cpe:/a:miracle:linux:perftest, p-cpe:/a:miracle:linux:mpitests-mvapich2, p-cpe:/a:miracle:linux:mstflint, p-cpe:/a:miracle:linux:openmpi-devel, p-cpe:/a:miracle:linux:ibutils-libs, p-cpe:/a:miracle:linux:mpitests-openmpi, p-cpe:/a:miracle:linux:libibverbs-utils, p-cpe:/a:miracle:linux:rdma, p-cpe:/a:miracle:linux:ibutils, p-cpe:/a:miracle:linux:qperf, p-cpe:/a:miracle:linux:libibverbs-devel, p-cpe:/a:miracle:linux:libmlx4, p-cpe:/a:miracle:linux:mpitests-mvapich

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/11/2014

Vulnerability Publication Date: 10/12/2012

Reference Information

CVE: CVE-2012-4516, CVE-2013-2561