Vulnerability Name:

CVE-2008-3277 (CCN-92713)

Assigned: 2008-06-12
Published: 2008-06-12
Updated: 2019-04-22
Summary: Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
3.5 Low (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P)
2.6 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): High
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
Vulnerability Type: CWE-22
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2008-3277

Source: REDHAT
Type: Vendor Advisory
RHSA-2012:0311

Source: CCN
Type: Red Hat Bugzilla Bug 457935
(CVE-2008-3277) CVE-2008-3277 ibutils: insecure relative RPATH

Source: CONFIRM
Type: Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=457935

Source: XF
Type: UNKNOWN
ibutils-cve20083277-priv-esc(92713)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2008-3277

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:openfabrics:ibutils:1.5.7-2:*:*:*:*:*:*:*
    AND
  • cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:openfabrics:ibutils:1.2-11.2:*:*:*:*:*:*:*
    AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:enterprise_linux:6:*:*:*:*:*:*:*
  • OR cpe:/a:openfabrics:ibutils:1.5.7-2:*:*:*:*:*:*:*
  • OR cpe:/a:openfabrics:ibutils:1.2-11.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:42326 | P | Security update for python-M2Crypto (Important) | 2022-07-27
oval:org.opensuse.security:def:20083277 | V | CVE-2008-3277 | 2022-05-20
oval:org.opensuse.security:def:33113 | P | Security update for virglrenderer (Important) (in QA) | 2022-01-17
oval:org.opensuse.security:def:31753 | P | Security update for net-snmp (Important) | 2022-01-05
oval:org.opensuse.security:def:26187 | P | Security update for libvpx (Moderate) | 2021-12-23
oval:org.opensuse.security:def:26172 | P | Security update for webkit2gtk3 (Important) | 2021-11-23
oval:org.opensuse.security:def:32226 | P | Security update for webkit2gtk3 (Important) | 2021-11-23
oval:org.opensuse.security:def:31702 | P | Security update for qemu (Important) | 2021-11-10
oval:org.opensuse.security:def:31696 | P | Security update for postgresql10 (Important) | 2021-10-20
oval:org.opensuse.security:def:32206 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-10-18
oval:org.opensuse.security:def:26148 | P | Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (Important) | 2021-10-15
oval:org.opensuse.security:def:26125 | P | Security update for grilo (Important) | 2021-09-09
oval:org.opensuse.security:def:32162 | P | Security update for libcares2 (Important) | 2021-08-16
oval:org.opensuse.security:def:26099 | P | Security update for libsndfile (Critical) | 2021-08-05
oval:org.opensuse.security:def:32140 | P | Security update for MozillaFirefox (Important) | 2021-07-16
oval:org.opensuse.security:def:36150 | P | ibutils-1.5.7-0.15.22 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36419 | P | ibutils-1.5.7-0.15.22 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:42557 | P | ibutils-1.5.7-0.15.22 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:32101 | P | Security update for libwebp (Critical) | 2021-06-02
oval:org.opensuse.security:def:31628 | P | Security update for dhcp (Important) | 2021-06-01
oval:org.opensuse.security:def:26046 | P | Security update for libxml2 (Moderate) | 2021-05-05
oval:org.opensuse.security:def:26044 | P | Security update for avahi (Moderate) | 2021-05-04
oval:org.opensuse.security:def:31616 | P | Security update for bind (Important) | 2021-05-04
oval:org.opensuse.security:def:31617 | P | Security update for samba (Important) | 2021-05-04
oval:org.opensuse.security:def:26041 | P | Security update for samba (Important) | 2021-04-29
oval:org.opensuse.security:def:32070 | P | Security update for clamav (Important) | 2021-04-14
oval:org.opensuse.security:def:31604 | P | Security update for spamassassin (Important) | 2021-04-12
oval:org.opensuse.security:def:32282 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:26201 | P | Security update for java-1_8_0-ibm (Important) | 2021-02-26
oval:org.opensuse.security:def:33074 | P | Security update for jasper (Important) | 2021-02-16
oval:org.opensuse.security:def:25984 | P | Security update for cyrus-sasl (Important) | 2020-12-28
oval:org.opensuse.security:def:25980 | P | Security update for MozillaFirefox (Critical) | 2020-12-21
oval:org.opensuse.security:def:25969 | P | Security update for xen (Important) | 2020-12-03
oval:org.opensuse.security:def:35919 | P | ibutils-1.5.7-0.7.31 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:25481 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26545 | P | file-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31386 | P | Security update for openvpn-openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:25895 | P | Security update for pcsc-lite (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26744 | P | libexif on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25903 | P | Security update for util-linux (Important) | 2020-12-01
oval:org.opensuse.security:def:26329 | P | Security update for znc (Low) | 2020-12-01
oval:org.opensuse.security:def:32883 | P | ibutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27113 | P | ecryptfs-utils-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25469 | P | Security update for ncurses (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26310 | P | Security update for Cloud Compute 12 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32392 | P | Security update for tomcat6 (Important) | 2020-12-01
oval:org.opensuse.security:def:25754 | P | Security update for flash-player (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26686 | P | dhcpcd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31472 | P | Security update for ppp (Important) | 2020-12-01
oval:org.opensuse.security:def:25711 | P | Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31996 | P | Security update for java-1_7_1-ibm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26918 | P | ibutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31926 | P | Recommended update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:26431 | P | Security update for tor (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32331 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25545 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26598 | P | libpulse-browse0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31387 | P | Security update for openvpn-openssl1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27382 | P | cscope on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25699 | P | Security update for dnsmasq (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26245 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26378 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:27148 | P | ibutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25470 | P | Security update for permissions (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26394 | P | Security update for chromium (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32436 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:25811 | P | Security update for libvirt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26700 | P | freetype2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25775 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:32052 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:26276 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32844 | P | cvs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25968 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31983 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:26475 | P | Recommended update for enigmail (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26253 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:32370 | P | Recommended update for tboot (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25673 | P | Security update for openldap2 (Important) | 2020-12-01
oval:org.opensuse.security:def:26647 | P | w3m on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31398 | P | Security update for perl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27417 | P | ibutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25700 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:31840 | P | Security update for bsdtar (Important) | 2020-12-01
oval:org.opensuse.security:def:26883 | P | dhcp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31834 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:26417 | P | Security update for Mozilla Thunderbird (Moderate) | 2020-12-01
oval:org.mitre.oval:def:23273 | P | ELSA-2012:0311: ibutils security and bug fix update (Low) | 2014-05-26
oval:org.mitre.oval:def:21291 | P | RHSA-2012:0311: ibutils security and bug fix update (Low) | 2014-02-24
oval:com.redhat.rhsa:def:20120311 | P | RHSA-2012:0311: ibutils security and bug fix update (Low) | 2012-02-21