First published: Fri Oct 29 2010
Leif Nixon reported that libsdp is vulnerable to insecure log file handling. libsdp is a library that is supposed to be LD_PRELOAD'd to enable an application to communicate over the Infiniband SDP protocol instead of ordinary TCP.

When libsdp is dlopened, by default it will fopen a log file with a predictable name: /var/log/libsdp for root processes, and /tmp/libsdp.log.$UID for non-root processes. The root process log file is suitably protected; however, the log files of non-root processes are not.

The vulnerable code is in src/log.c. It does first check that the destination is not a symlink, in which case it will refuse to open it. However, this is still vulnerable to a hardlink attack, and to a race condition where a symlink can be created between the lstat() call and the fopen() call:

```c
/* double check the file is not a link */
status = lstat(tfilename, &lstat_res);
if ( (status == 0) && S_ISLNK(lstat_res.st_mode) ) {
    __sdp_log( 9, "Cowardly refusing to log into:'%s'. "
               "It is a link - thus is a security issue.\n", tfilename );
    return 0;
}

f = fopen( tfilename, "a" );
```

This vulnerability is fixed in the latest version of libsdp (libsdp-1.1.105-0.4.g1b9b996.tar.gz) available at: http://www.openfabrics.org/downloads/libsdp/

Acknowledgements: Red Hat would like to thank Leif Nixon for reporting this issue.
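
A link-safe way to open a log file at a predictable name, shown as an added example (it is not libsdp's code and not necessarily how the fixed release does it). `open_log_safely` and the demo paths are hypothetical names, and a POSIX system with `O_NOFOLLOW` is assumed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not libsdp code: open a per-user log file in a
 * world-writable directory without following or trusting links. */
FILE *open_log_safely(const char *path)
{
    struct stat st;
    FILE *f;
    /* O_NOFOLLOW: open() fails on a symlink, closing the lstat()/fopen()
     * window. O_NONBLOCK: do not hang on a FIFO planted at the name. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW |
                        O_NONBLOCK | O_CLOEXEC, 0600);
    if (fd < 0)
        return NULL;
    /* fstat() describes the object actually opened, not the name. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||     /* FIFO, device, directory */
        st.st_nlink != 1 ||         /* another name exists: hard link */
        st.st_uid != geteuid()) {   /* pre-created by someone else */
        close(fd);
        return NULL;
    }
    f = fdopen(fd, "a");
    if (f == NULL)
        close(fd);
    return f;
}

int main(void)
{
    /* Constructed demo paths inside a private scratch directory. */
    char dir[] = "/tmp/logdemoXXXXXX", path[64], lnk[64];
    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(path, sizeof path, "%s/app.log", dir);
    snprintf(lnk, sizeof lnk, "%s/app.lnk", dir);
    FILE *f = open_log_safely(path);
    printf("fresh file:   %s\n", f ? "opened" : "refused");
    if (f) fclose(f);
    if (symlink(path, lnk) != 0)
        return 1;
    printf("symlink name: %s\n", open_log_safely(lnk) ? "opened" : "refused");
    return 0;
}
```

Because the file is opened without `O_TRUNC` and every check runs on the descriptor, a refused open leaves the linked-to file unmodified.
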
Affected Software | Affected Version | How to fix |
---|---|---|
OpenFabrics Libsdp | <1.1.105 |
The severity of REDHAT-BUG-647941 is considered high due to the potential for insecure log file handling.
To fix REDHAT-BUG-647941, it is recommended to update libsdp to the latest version that addresses the insecure log file handling vulnerability.
Versions of libsdp up to and including 1.1.105 are affected by REDHAT-BUG-647941.
The primary risk associated with REDHAT-BUG-647941 is the potential for sensitive information to be exposed through improperly managed log files.
REDHAT-BUG-647941 was reported by Leif Nixon, highlighting concerns about the security of libsdp.