A security flaw was found in the way librdmacm, a userspace RDMA Communication Managment API allowing to specify connections using TCP/IP addresses even though it opens RDMA specific connections, performed binding to the underlying ib_acm service (librdmacm used default port value of 6125 to bind to ib_acm service). An attacker able to run a rogue ib_acm service could use this flaw to make librdmacm applications to use potentially bogus address resolution information. Upstream patch: [1] http://git.openfabrics.org/git?p=~shefty/librdmacm.git;a=commitdiff;h=4b5c1aa734e0e734fc2ba3cd41d0ddf02170af6d Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security Team.
This issue did not affect the version of the librdmacm package, as shipped with Red Hat Enterprise Linux 5. -- This issue affects the version of the librdmacm package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the librdmacm package, as shipped with Fedora release of 16 and 17. Please schedule an update.
CVE Request: [2] http://www.openwall.com/lists/oss-security/2012/10/11/6
Created librdmacm tracking bugs for this issue Affects: fedora-all [bug 865510]
This was assigned CVE-2012-4516.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1661 https://rhn.redhat.com/errata/RHSA-2013-1661.html
Statement: (none)