ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ibacm | Openfabrics | 1.0.7 (including) | 1.0.7 (including) |
| Red Hat Enterprise Linux 6 | RedHat | ibacm-0:1.0.8-0.git7a3adb7.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | ibsim-0:0.5-7.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | ibutils-0:1.5.7-7.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | infiniband-diags-0:1.5.12-5.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | infinipath-psm-0:3.0.1-115.1015_open.1.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | libibmad-0:1.3.9-1.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | libibumad-0:1.3.8-1.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | libibverbs-0:1.1.6-5.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | libmlx4-0:1.0.4-1.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | librdmacm-0:1.0.17-0.git4b5c1aa.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | opensm-0:3.3.15-1.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | rdma-0:3.6-1.el6 | * |
References
- http://git.openfabrics.org/git?p=~shefty/ibacm.git%3Ba=commit%3Bh=d204fca2b6298d7799e918141ea8e11e7ad43cec
- http://rhn.redhat.com/errata/RHSA-2013-0509.html
- http://www.openwall.com/lists/oss-security/2012/10/11/6
- http://www.openwall.com/lists/oss-security/2012/10/11/9
- http://www.securityfocus.com/bid/55890
- http://git.openfabrics.org/git?p=~shefty/ibacm.git%3Ba=commit%3Bh=d204fca2b6298d7799e918141ea8e11e7ad43cec
- http://rhn.redhat.com/errata/RHSA-2013-0509.html
- http://www.openwall.com/lists/oss-security/2012/10/11/6
- http://www.openwall.com/lists/oss-security/2012/10/11/9
- http://www.securityfocus.com/bid/55890