CVE-2008-3277 — MEDIUM (4.4)

Vulnerability Description

Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.

CVSS Score

4.4

MEDIUM

AV:L/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Openfabrics	Ibutils	1.5.7-2
Redhat	Enterprise Linux	6.0

Related Weaknesses (CWE)

CWE-22

References

http://rhn.redhat.com/errata/RHSA-2012-0311.htmlVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=457935Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0311.htmlVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=457935Vendor Advisory

FAQ

What is CVE-2008-3277?

CVE-2008-3277 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2...

How severe is CVE-2008-3277?

CVE-2008-3277 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3277?

Check the references section above for vendor advisories and patch information. Affected products include: Openfabrics Ibutils, Redhat Enterprise Linux.