A security flaw was found in the way ibacm, an InfiniBand communication manager assistant, created files used by the ib_acm service: they were created with world-writable permissions. A local attacker could use this flaw to 1) overwrite the content of the ib_acm daemon log file or 2) overwrite the content of the ib_acm daemon ibacm.port file (ability to mask certain actions or cause ib_acm to run on a non-default port).

Upstream patch:
[1] http://git.openfabrics.org/git?p=~shefty/ibacm.git;a=commit;h=d204fca2b6298d7799e918141ea8e11e7ad43cec

Acknowledgements:
This issue was discovered by Florian Weimer of Red Hat Product Security Team and Kurt Seifried of the Red Hat Security Response Team.
This issue affects the version of the ibacm package, as shipped with Red Hat Enterprise Linux 6.
CVE Request: [2] http://www.openwall.com/lists/oss-security/2012/10/11/6
This was assigned CVE-2012-4518.
*** Bug 887004 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0509 https://rhn.redhat.com/errata/RHSA-2013-0509.html
Statement: (none)
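
The file-creation flaw described in this report, shown as an added C example that is neither the upstream patch nor ibacm code. It assumes the common daemon pattern of clearing the umask before fopen() (the report does not state the root cause) and contrasts that with creation under an explicit 0644 mode; the function names and the demo file name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Weak pattern (assumed): with the umask cleared, fopen("w") creates the
 * file as 0666, so any local user can rewrite it.
 * Returns the resulting permission bits, or -1 on error. */
int create_weak(const char *path)
{
    struct stat st;
    mode_t old = umask(0);            /* what many daemonize() helpers do */
    FILE *f = fopen(path, "w");
    umask(old);
    if (!f) return -1;
    fclose(f);
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Hardened pattern: explicit mode at creation, no symlink following, and
 * fchmod() so a file left behind by an older build is tightened too. */
int create_hardened(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    if (fchmod(fd, 0644) != 0 || fstat(fd, &st) != 0) { close(fd); return -1; }
    close(fd);
    return (int)(st.st_mode & 0777);
}

/* Audit check: 1 if others may write the file, 0 if not, -1 if missing. */
int is_world_writable(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (st.st_mode & S_IWOTH) ? 1 : 0;
}

int main(void)
{
    const char *p = "demo_ibacm.port";   /* constructed demo file name */
    printf("weak:     %04o\n", (unsigned)create_weak(p));
    printf("hardened: %04o\n", (unsigned)create_hardened(p));
    printf("world-writable after fix: %d\n", is_world_writable(p));
    unlink(p);
    return 0;
}
```

After installing a fixed package, the same S_IWOTH check can be run against the existing log and port files, since files created by the older version keep their old mode until they are recreated or re-chmodded.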