From oss-security:

Issue #2 ibacm - DoS (ib_acm daemon crash) by joining responses for multicast destinations:
===========================================================================================
A denial of service flaw was found in the way ibacm, an InfiniBand communication manager assistant, performed management of reference counts for multicast connections. The default reference count value for multicast connection is set to zero and when the multicast connection got released, an attempt was made to free it, possibly resulting in ib_acm service / daemon crash.

References: https://bugzilla.redhat.com/show_bug.cgi?id=865492
Relevant upstream patch: http://git.openfabrics.org/git?p=~shefty/ibacm.git;a=commit;h=c7d28b35d64333c262de3ec972c426423dadccf9

Issue previously corrected by upstream and its security implications pointed out later by Florian Weimer of Red Hat Product Security Team.

Issue #3 ibacm - ib_acm service files created with world writable permissions (DoS):
====================================================================================
A security flaw was found in the way ibacm, an InfiniBand communication manager assistant, created files used by ib_acm service - they were created with world writable permissions. A local attacker could use this flaw to 1) overwrite content of ib_acm daemon log file or 2) overwrite content of ib_acm daemon ibacm.port file (ability to mask certain actions or cause ib_acm to run on non-default port).

References: https://bugzilla.redhat.com/show_bug.cgi?id=865499
Relevant upstream patch: http://git.openfabrics.org/git?p=~shefty/ibacm.git;a=commit;h=d204fca2b6298d7799e918141ea8e11e7ad43cec

Credit: This issue was discovered by Florian Weimer of Red Hat Product Security Team.
CVE-2012-4518 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4518): ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.

CVE-2012-4517 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4517): ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response.
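An added example for the world-writable file issue (CVE-2012-4518), not ibacm's code and not part of this thread: it contrasts a file created after the umask has been cleared with one created using an explicit mode, plus a check an audit can run on the result. The umask(0)-then-fopen() pattern is an assumed illustration of how a daemon ends up with mode 0666 files; the function names and scratch paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (assumed for illustration): the umask is cleared, so
 * fopen() creates the file with mode 0666, writable by every local user. */
static int create_weak(const char *path) {
    mode_t old = umask(0);
    FILE *f = fopen(path, "w");
    umask(old);
    if (!f) return -1;
    fclose(f);
    return 0;
}

/* Hardened: explicit 0644, no symlink following, and fchmod() so the final
 * mode does not depend on the inherited umask or on an earlier weak create. */
static int create_hardened(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    int rc = fchmod(fd, 0644);
    close(fd);
    return rc == 0 ? 0 : -1;
}

/* Audit check: 1 if others may write, 0 if not, -1 if the file is missing. */
static int is_world_writable(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (st.st_mode & S_IWOTH) ? 1 : 0;
}

int main(void) {
    char dir[] = "/tmp/acm-demo-XXXXXX";   /* constructed scratch directory */
    char weak[64], hard[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(weak, sizeof weak, "%s/demo.log", dir);    /* stand-in log file */
    snprintf(hard, sizeof hard, "%s/demo.port", dir);   /* stand-in port file */
    create_weak(weak);
    create_hardened(hard);
    printf("weak: %d hardened: %d\n",
           is_world_writable(weak), is_world_writable(hard));
    return 0;
}
```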
1.0.8 seems to be available. Bump required.
1.0.8 is in tree. @maintainers, please clean up vulnerable version 1.0.7 in tree. Once complete feel free to close this bug.

GLSA Vote: No
Old versions removed from tree
(In reply to Alexey Shvetsov from comment #4)
> Old versions removed from tree

Thanks so much, Alexey!