Rapid7 Vulnerability & Exploit Database

RHSA-2008:0497: sblim security update

Back to Search

RHSA-2008:0497: sblim security update

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
06/25/2008
Created
07/25/2018
Added
07/08/2008
Modified
07/04/2017

Description

Updated sblim packages that resolve a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

SBLIM stands for Standards-Based Linux Instrumentation for Manageability. It consists of a set of standards-based, Web-Based Enterprise Management (WBEM) modules that use the Common Information Model (CIM) standard to gather and provide systems management information, events, and methods to local or networked consumers via a CIM object services broker using the CMPI (Common Manageability Programming Interface) standard. This package provides a set of core providers and development tools for systems management applications. It was discovered that certain sblim libraries had an RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. This RPATH pointed to a sub-directory of a world-writable, temporary directory. A local user could create a file with the same name as a library required by sblim (such as libc.so) and place it in the directory defined in the RPATH. This file could then execute arbitrary code with the privileges of the user running an application that used sblim (eg tog-pegasus). (CVE-2008-1951) Users are advised to upgrade to these updated sblim packages, which resolve this issue.

Solution(s)

  • redhat-upgrade-sblim-cim-client
  • redhat-upgrade-sblim-cim-client-javadoc
  • redhat-upgrade-sblim-cim-client-manual
  • redhat-upgrade-sblim-cmpi-base
  • redhat-upgrade-sblim-cmpi-base-devel
  • redhat-upgrade-sblim-cmpi-base-test
  • redhat-upgrade-sblim-cmpi-devel
  • redhat-upgrade-sblim-cmpi-dns
  • redhat-upgrade-sblim-cmpi-dns-devel
  • redhat-upgrade-sblim-cmpi-dns-test
  • redhat-upgrade-sblim-cmpi-fsvol
  • redhat-upgrade-sblim-cmpi-fsvol-devel
  • redhat-upgrade-sblim-cmpi-fsvol-test
  • redhat-upgrade-sblim-cmpi-network
  • redhat-upgrade-sblim-cmpi-network-devel
  • redhat-upgrade-sblim-cmpi-network-test
  • redhat-upgrade-sblim-cmpi-nfsv3
  • redhat-upgrade-sblim-cmpi-nfsv3-test
  • redhat-upgrade-sblim-cmpi-nfsv4
  • redhat-upgrade-sblim-cmpi-nfsv4-test
  • redhat-upgrade-sblim-cmpi-params
  • redhat-upgrade-sblim-cmpi-params-test
  • redhat-upgrade-sblim-cmpi-samba
  • redhat-upgrade-sblim-cmpi-samba-devel
  • redhat-upgrade-sblim-cmpi-samba-test
  • redhat-upgrade-sblim-cmpi-sysfs
  • redhat-upgrade-sblim-cmpi-sysfs-test
  • redhat-upgrade-sblim-cmpi-syslog
  • redhat-upgrade-sblim-cmpi-syslog-test
  • redhat-upgrade-sblim-gather
  • redhat-upgrade-sblim-gather-devel
  • redhat-upgrade-sblim-gather-provider
  • redhat-upgrade-sblim-gather-test
  • redhat-upgrade-sblim-testsuite
  • redhat-upgrade-sblim-tools-libra
  • redhat-upgrade-sblim-tools-libra-devel
  • redhat-upgrade-sblim-wbemcli

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;