PT-2008-1074
Published: 2008-06-24 · Updated: 2023-02-13 · CVE-2008-1951
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
sblim-cmpi-base-test versions 1.5.4 through 1.5.5
sblim-cmpi-base-devel versions 1.5.4 through 1.5.5
sblim-cmpi-fsvol-test version 1.4.4
sblim-cmpi-fsvol-devel version 1.4.4
sblim-cmpi-network-test version 1.3.8
sblim-cmpi-network-devel version 1.3.8
sblim-cmpi-dns-test version 1
sblim-cmpi-dns-devel version 1
sblim-cmpi-samba-test version 1
sblim-cmpi-samba-devel version 1
sblim-cmpi-sysfs-test version 1.1.9
sblim-cmpi-syslog-test version 0.7.11
sblim-cmpi-nfsv3-test version 1.0.14
sblim-cmpi-nfsv4-test version 1.0.12
sblim-cmpi-params-test version 1.2.6
sblim-gather-test version 2.1.2
sblim-gather-devel version 2.1.2
sblim-testsuite version 1.2.4
sblim-tools-libra-devel version 0.2.3
sblim version 1
sblim version 1-31.el5 2.1
Description
Certain Red Hat build scripts for the Standards Based Linux Instrumentation for Manageability (sblim) libraries contain an untrusted search path vulnerability caused by an incorrect RPATH setting. A local attacker can gain privileges by placing a malicious library in a certain subdirectory of /var/tmp, as demonstrated by a malicious libc.so library for tog-pegasus. The vulnerability may lead to a violation of the confidentiality, integrity, and availability of protected information.
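One way to check installed binaries for the RPATH flaw described above. This is an added example, not part of the original advisory or the sblim packages: it scans `readelf -d` output for RPATH/RUNPATH entries that are relative, empty, or located under world-writable directories. The sample output, the directory list and the /var/tmp subdirectory name are constructed assumptions.

```python
import posixpath
import re

# Directories any local user can write to (list chosen for this example).
WORLD_WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")

# Matches the RPATH/RUNPATH rows printed by `readelf -d`.
DYN_PATH = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")


def classify(entry):
    """Return a reason string if one search-path entry is unsafe, else None."""
    if entry.startswith("$ORIGIN") or entry.startswith("${ORIGIN}"):
        return None  # relative to the binary's own location; not audited here
    if not entry.startswith("/"):
        return "relative or empty entry (resolved against the current directory)"
    # normpath keeps a leading '//', so collapse it to compare prefixes reliably.
    norm = "/" + posixpath.normpath(entry).lstrip("/")
    for root in WORLD_WRITABLE:
        if norm == root or norm.startswith(root + "/"):
            return "below world-writable " + root
    return None


def audit(readelf_output):
    """Return (tag, entry, reason) for every unsafe RPATH/RUNPATH entry."""
    findings = []
    for tag, paths in DYN_PATH.findall(readelf_output):
        for entry in paths.split(":"):
            reason = classify(entry)
            if reason:
                findings.append((tag, entry, reason))
    return findings


# Constructed sample: the /var/tmp subdirectory name is a placeholder,
# not the path from the advisory.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/var/tmp/example-buildroot/usr/lib64:/usr/lib64]
"""

if __name__ == "__main__":
    for tag, entry, reason in audit(SAMPLE):
        print(f"{tag}: {entry!r} -> {reason}")
```

Feed `audit()` the output of `readelf -d` for each shared object and executable shipped by the affected packages.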
Recommendations
For sblim-cmpi-base-test versions 1.5.4 through 1.5.5, update to a fixed version.
For sblim-cmpi-base-devel versions 1.5.4 through 1.5.5, update to a fixed version.
For sblim-cmpi-fsvol-test version 1.4.4, update to a fixed version.
For sblim-cmpi-fsvol-devel version 1.4.4, update to a fixed version.
For sblim-cmpi-network-test version 1.3.8, update to a fixed version.
For sblim-cmpi-network-devel version 1.3.8, update to a fixed version.
For sblim-cmpi-dns-test version 1, update to a fixed version.
For sblim-cmpi-dns-devel version 1, update to a fixed version.
For sblim-cmpi-samba-test version 1, update to a fixed version.
For sblim-cmpi-samba-devel version 1, update to a fixed version.
For sblim-cmpi-sysfs-test version 1.1.9, update to a fixed version.
For sblim-cmpi-syslog-test version 0.7.11, update to a fixed version.
For sblim-cmpi-nfsv3-test version 1.0.14, update to a fixed version.
For sblim-cmpi-nfsv4-test version 1.0.12, update to a fixed version.
For sblim-cmpi-params-test version 1.2.6, update to a fixed version.
For sblim-gather-test version 2.1.2, update to a fixed version.
For sblim-gather-devel version 2.1.2, update to a fixed version.
For sblim-testsuite version 1.2.4, update to a fixed version.
For sblim-tools-libra-devel version 0.2.3, update to a fixed version.
For sblim version 1, update to a fixed version.
For sblim version 1-31.el5 2.1, update to a fixed version.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Red Hat
Libc.So
Sblim
Sblim-Cmpi-Base-Devel
Sblim-Cmpi-Base-Test
Sblim-Cmpi-Dns-Devel
Sblim-Cmpi-Dns-Test
Sblim-Cmpi-Fsvol-Devel
Sblim-Cmpi-Fsvol-Test
Sblim-Cmpi-Network-Devel
Sblim-Cmpi-Network-Test
Sblim-Cmpi-Nfsv3-Test
Sblim-Cmpi-Nfsv4-Test
Sblim-Cmpi-Params-Test
Sblim-Cmpi-Samba-Devel
Sblim-Cmpi-Samba-Test
Sblim-Cmpi-Sysfs-Test
Sblim-Cmpi-Syslog-Test
Sblim-Gather-Devel
Sblim-Gather-Test
Sblim-Testsuite
Sblim-Tools-Libra-Devel
Tog-Pegasus