Red Hat Bugzilla – Bug 865499
CVE-2012-4518 ibacm: ibacm service files created with world writable permissions (DoS)
Last modified: 2015-10-23 10:23:41 EDT
A security flaw was found in the way ibacm, an InfiniBand communication manager assistant, created files used by ib_acm service - they were created with world writable permissions. A local attacker could use this flaw to 1) overwrite content of ib_acm daemon log file or 2) overwrite content of ib_acm daemon ibacm.port file (ability to mask certain actions or cause ib_acm to run on non-default port).
This issue was discovered by Florian Weimer of Red Hat Product Security Team and Kurt Seifried of the Red Hat Security Response Team.
This issue affects the version of the ibacm package, as shipped with Red Hat Enterprise Linux 6.
This was assigned CVE-2012-4518.
*** Bug 887004 has been marked as a duplicate of this bug. ***
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0509 https://rhn.redhat.com/errata/RHSA-2013-0509.html