PT-2013-3843 · Openfabrics+2 · Ibutils+2

Vincent Danen · Published 2013-11-20 · Updated 2019-04-22 · CVE-2013-2561

CVSS v2.0: 6.3 (Medium)

Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenFabrics ibutils version 1.5.7

Description

The issue allows local users to overwrite arbitrary files via a symlink attack on several files in /tmp/, including ibdiagnet.db, ibdiagnet.fdbs, ibdiagnet ibis.log, ibdiagnet.log, ibdiagnet.lst, ibdiagnet.mcfdbs, ibdiagnet.pkey, ibdiagnet.psl, ibdiagnet.slvl, and ibdiagnet.sm.

Recommendations

For OpenFabrics ibutils version 1.5.7, consider restricting access to the files in /tmp/ that are vulnerable to the symlink attack until a patch is available. As a temporary workaround, avoid using the vulnerable files in /tmp/ to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
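
One way to act on the recommendation above, as an added example that is not part of the original advisory or of ibutils: a shell function that flags entries named ibdiagnet* in a directory (default /tmp/) that are symlinks or are not owned by the invoking user. The function name and the ibdiagnet* glob are assumptions; the check only reports entries already present and does not close the window between the check and the run.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with ibutils).
# Usage: check_ibdiagnet_tmp [dir]      dir defaults to /tmp
# Prints one line per suspicious entry; returns 1 if any were found.
check_ibdiagnet_tmp() {
    dir=${1:-/tmp}
    bad=0
    for f in "$dir"/ibdiagnet*; do
        # An unmatched glob stays literal, so skip names that do not exist.
        # -L is tested as well because -e is false for a dangling symlink.
        [ -e "$f" ] || [ -L "$f" ] || continue
        if [ -L "$f" ]; then
            # A symlink here would redirect the tool's write to the target.
            echo "SYMLINK $f -> $(readlink "$f")"
            bad=1
        elif [ ! -O "$f" ]; then
            # A regular file placed by another account is also unexpected.
            echo "FOREIGN-OWNER $f"
            bad=1
        fi
    done
    return $bad
}
```

Run it as the account that will invoke ibdiagnet and treat a non-zero return as a reason not to run the tool until the listed entries have been reviewed.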

Exploit

Link Following

Weakness Enumeration

Related Identifiers

CESA-2013_1661
CVE-2013-2561
RHSA-2013:1661
RHSA-2013_1661

Affected Products

Centos
Red Hat
Ibutils