A security flaw was found in the way librdmacm, a userspace RDMA Communication Management API that allows connections to be specified using TCP/IP addresses even though it opens RDMA-specific connections, performed binding to the underlying ib_acm service (librdmacm used the default port value of 6125 to bind to the ib_acm service). An attacker able to run a rogue ib_acm service could use this flaw to make librdmacm applications use potentially bogus address resolution information.
This issue was discovered by Florian Weimer of Red Hat Product Security Team.
This issue did not affect the version of the librdmacm package, as shipped with Red Hat Enterprise Linux 5.
This issue affects the version of the librdmacm package, as shipped with Red Hat Enterprise Linux 6.
This issue affects the versions of the librdmacm package, as shipped with Fedora releases 16 and 17. Please schedule an update.
Created librdmacm tracking bugs for this issue
Affects: fedora-all [bug 865510]
This was assigned CVE-2012-4516.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:1661 https://rhn.redhat.com/errata/RHSA-2013-1661.html
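Until the erratum is applied, an administrator can check which account owns the listener on the default ib_acm port. The following is an added example, not code from librdmacm or from this bug report: it parses `/proc/net/tcp` for LISTEN sockets on port 6125 and flags any whose owner is not a trusted UID. It assumes the service listens on IPv4 TCP, that the legitimate daemon runs as root, and a little-endian host; the sample table is constructed.

```python
import os
import socket

ACM_PORT = 6125        # default ib_acm port named in the flaw description
TCP_LISTEN = 0x0A      # "st" value for LISTEN in /proc/net/tcp
TRUSTED_UIDS = {0}     # assumption: the legitimate ib_acm daemon runs as root

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:17ED 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 17234 1 0000000000000000 100 0 0 10 0
   2: 0100007F:C350 0100007F:17ED 01 00000000:00000000 00:00000000 00000000  1000        0 50110 1 0000000000000000 20 4 30 10 -1
"""

def parse_listeners(text, port=ACM_PORT):
    """Return (ip, uid, inode) for every LISTEN socket bound to `port`."""
    found = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        hexip, hexport = f[1].split(":")
        if int(f[3], 16) != TCP_LISTEN or int(hexport, 16) != port:
            continue                            # not a listener on this port
        # The kernel prints the IPv4 address in host byte order (little-endian assumed).
        ip = socket.inet_ntoa(bytes.fromhex(hexip)[::-1])
        found.append((ip, int(f[7]), int(f[9])))
    return found

def audit(text, trusted=TRUSTED_UIDS):
    """Return ('absent' | 'ok' | 'suspect', listeners owned by untrusted UIDs)."""
    listeners = parse_listeners(text)
    if not listeners:
        return "absent", []
    bad = [entry for entry in listeners if entry[1] not in trusted]
    return ("suspect" if bad else "ok"), bad

if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    verdict, bad = audit(text)
    print(f"port {ACM_PORT}: {verdict}")
    for ip, uid, inode in bad:
        print(f"  listener on {ip} owned by uid {uid} (socket inode {inode})")
```

The socket inode can be matched against `/proc/<pid>/fd` links to identify the owning process.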