Vulnerability Description
librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service.
CVSS Score
5.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openfabrics | Librdmacm | 1.0.16 |
References
- http://git.openfabrics.org/git?p=~shefty/librdmacm.git%3Ba=commitdiff%3Bh=4b5c1a
- http://www.openwall.com/lists/oss-security/2012/10/11/6
- http://www.openwall.com/lists/oss-security/2012/10/11/9
- http://www.securityfocus.com/bid/55896
- https://bugzilla.redhat.com/show_bug.cgi?id=865483
FAQ
What is CVE-2012-4516?
CVE-2012-4516 is a vulnerability with a CVSS score of 5.8 (MEDIUM). librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm servic...
How severe is CVE-2012-4516?
CVE-2012-4516 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4516?
Check the references section above for vendor advisories and patch information. Affected products include: Openfabrics Librdmacm.