CVE-2012-4516

librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service.

Affected Software

Name	Vendor	Start Version	End Version
Librdmacm	Openfabrics	1.0.16 (including)	1.0.16 (including)
Red Hat Enterprise Linux 6	RedHat	ibutils-0:1.5.7-8.el6	*
Red Hat Enterprise Linux 6	RedHat	infinipath-psm-0:3.0.1-115.1015_open.2.el6	*
Red Hat Enterprise Linux 6	RedHat	libibverbs-0:1.1.7-1.el6	*
Red Hat Enterprise Linux 6	RedHat	libmlx4-0:1.0.5-4.el6.1	*
Red Hat Enterprise Linux 6	RedHat	librdmacm-0:1.0.17-1.el6	*
Red Hat Enterprise Linux 6	RedHat	mpitests-0:3.2-9.el6	*
Red Hat Enterprise Linux 6	RedHat	mstflint-0:3.0-0.6.g6961daa.1.el6	*
Red Hat Enterprise Linux 6	RedHat	openmpi-0:1.5.4-2.el6	*
Red Hat Enterprise Linux 6	RedHat	perftest-0:2.0-2.el6	*
Red Hat Enterprise Linux 6	RedHat	qperf-0:0.4.9-1.el6	*
Red Hat Enterprise Linux 6	RedHat	rdma-0:3.10-3.el6	*
Librdmacm	Ubuntu	artful	*
Librdmacm	Ubuntu	esm-infra-legacy/trusty	*
Librdmacm	Ubuntu	oneiric	*
Librdmacm	Ubuntu	precise	*
Librdmacm	Ubuntu	precise/esm	*
Librdmacm	Ubuntu	quantal	*
Librdmacm	Ubuntu	raring	*
Librdmacm	Ubuntu	saucy	*
Librdmacm	Ubuntu	trusty	*
Librdmacm	Ubuntu	trusty/esm	*
Librdmacm	Ubuntu	utopic	*
Librdmacm	Ubuntu	vivid	*
Librdmacm	Ubuntu	wily	*
Librdmacm	Ubuntu	yakkety	*
Librdmacm	Ubuntu	zesty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-4516
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References