CVE-2010-4173

Published: Nov 22, 2010Modified: Apr 29, 2026

3.3

Vector

AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability: 3.4 / Impact: 4.9

Source: NVD

Description

The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.

Affected (6)

Products: Openfabrics: Libsdp

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Openfabrics Libsdp	Up to 1.1.104
Openfabrics Libsdp	Version 1.1.100
Openfabrics Libsdp	Version 1.1.101
Openfabrics Libsdp	Version 1.1.102
Openfabrics Libsdp	Version 1.1.103
Openfabrics Libsdp	Version 1.1.99

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (8)

http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz

Source: secalert@redhat.com

Patch

http://www.openwall.com/lists/oss-security/2010/11/16/2

Source: secalert@redhat.com

Patch

http://www.openwall.com/lists/oss-security/2010/11/16/7

Source: secalert@redhat.com

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=647941

Source: secalert@redhat.com

Patch

http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.openwall.com/lists/oss-security/2010/11/16/2

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.openwall.com/lists/oss-security/2010/11/16/7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=647941

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.