3.6 - CVE-2012-4518

Executive Summary

Informations
Name	CVE-2012-4518	First vendor Publication	2012-10-22
Vendor	Cve	Last vendor Modification	2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score	3.6	Attack Range	Local
Cvss Impact Score	4.9	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4518

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20927

Oval ID:	oval:org.mitre.oval:def:20927
Title:	RHSA-2013:0509: rdma security, bug fix and enhancement update (Low)
Description:	ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0509-02 CESA-2013:0509 CVE-2012-4517 CVE-2012-4518	Version:	31
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	ibacm infinipath-psm libibmad libibumad libibverbs libmlx4 librdmacm opensm rdma ibsim ibutils infiniband-diags
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section infinipath-psm-devel is earlier than 0:3.0.1-115.1015_open.1.el6 AND infinipath-psm is earlier than 0:3.0.1-115.1015_open.1.el6 AND rdma is earlier than 0:3.6-1.el6 AND libibverbs-devel is earlier than 0:1.1.6-5.el6 AND libibverbs is earlier than 0:1.1.6-5.el6 AND libibverbs-devel-static is earlier than 0:1.1.6-5.el6 AND libibverbs-utils is earlier than 0:1.1.6-5.el6 AND libmlx4-static is earlier than 0:1.0.4-1.el6 AND libmlx4 is earlier than 0:1.0.4-1.el6 AND libibumad is earlier than 0:1.3.8-1.el6 AND libibumad-devel is earlier than 0:1.3.8-1.el6 AND libibumad-static is earlier than 0:1.3.8-1.el6 AND libibmad-static is earlier than 0:1.3.9-1.el6 AND libibmad is earlier than 0:1.3.9-1.el6 AND libibmad-devel is earlier than 0:1.3.9-1.el6 AND opensm-static is earlier than 0:3.3.15-1.el6 AND opensm is earlier than 0:3.3.15-1.el6 AND opensm-devel is earlier than 0:3.3.15-1.el6 AND opensm-libs is earlier than 0:3.3.15-1.el6 AND ibutils is earlier than 0:1.5.7-7.el6 AND ibutils-libs is earlier than 0:1.5.7-7.el6 AND ibutils-devel is earlier than 0:1.5.7-7.el6 AND ibsim is earlier than 0:0.5-7.el6 AND ibacm is earlier than 0:1.0.8-0.git7a3adb7.el6 AND ibacm-devel is earlier than 0:1.0.8-0.git7a3adb7.el6 AND infiniband-diags-devel-static is earlier than 0:1.5.12-5.el6 AND infiniband-diags is earlier than 0:1.5.12-5.el6 AND infiniband-diags-devel is earlier than 0:1.5.12-5.el6 AND librdmacm-utils is earlier than 0:1.0.17-0.git4b5c1aa.el6 AND librdmacm is earlier than 0:1.0.17-0.git4b5c1aa.el6 AND librdmacm-static is earlier than 0:1.0.17-0.git4b5c1aa.el6 AND librdmacm-devel is earlier than 0:1.0.17-0.git4b5c1aa.el6

Definition Id: oval:org.mitre.oval:def:23567

Oval ID:	oval:org.mitre.oval:def:23567
Title:	ELSA-2013:0509: rdma security, bug fix and enhancement update (Low)
Description:	ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0509-02 CVE-2012-4517 CVE-2012-4518	Version:	13
Platform(s):	Oracle Linux 6	Product(s):	ibacm infinipath-psm libibmad libibumad libibverbs libmlx4 librdmacm opensm rdma ibsim ibutils infiniband-diags
Definition Synopsis:
Oracle Linux 6.x rpm test infinipath-psm-devel is earlier than 0:3.0.1-115.1015_open.1.el6 AND infinipath-psm is earlier than 0:3.0.1-115.1015_open.1.el6 AND rdma is earlier than 0:3.6-1.el6 AND libibverbs-devel is earlier than 0:1.1.6-5.el6 AND libibverbs is earlier than 0:1.1.6-5.el6 AND libibverbs-devel-static is earlier than 0:1.1.6-5.el6 AND libibverbs-utils is earlier than 0:1.1.6-5.el6 AND libmlx4-static is earlier than 0:1.0.4-1.el6 AND libmlx4 is earlier than 0:1.0.4-1.el6 AND libibumad is earlier than 0:1.3.8-1.el6 AND libibumad-devel is earlier than 0:1.3.8-1.el6 AND libibumad-static is earlier than 0:1.3.8-1.el6 AND libibmad-static is earlier than 0:1.3.9-1.el6 AND libibmad is earlier than 0:1.3.9-1.el6 AND libibmad-devel is earlier than 0:1.3.9-1.el6 AND opensm-static is earlier than 0:3.3.15-1.el6 AND opensm is earlier than 0:3.3.15-1.el6 AND opensm-devel is earlier than 0:3.3.15-1.el6 AND opensm-libs is earlier than 0:3.3.15-1.el6 AND ibutils is earlier than 0:1.5.7-7.el6 AND ibutils-libs is earlier than 0:1.5.7-7.el6 AND ibutils-devel is earlier than 0:1.5.7-7.el6 AND ibsim is earlier than 0:0.5-7.el6 AND ibacm is earlier than 0:1.0.8-0.git7a3adb7.el6 AND ibacm-devel is earlier than 0:1.0.8-0.git7a3adb7.el6 AND infiniband-diags-devel-static is earlier than 0:1.5.12-5.el6 AND infiniband-diags is earlier than 0:1.5.12-5.el6 AND infiniband-diags-devel is earlier than 0:1.5.12-5.el6 AND librdmacm-utils is earlier than 0:1.0.17-0.git4b5c1aa.el6 AND librdmacm is earlier than 0:1.0.17-0.git4b5c1aa.el6 AND librdmacm-static is earlier than 0:1.0.17-0.git4b5c1aa.el6 AND librdmacm-devel is earlier than 0:1.0.17-0.git4b5c1aa.el6

Definition Id: oval:org.mitre.oval:def:27520

Oval ID:	oval:org.mitre.oval:def:27520
Title:	DEPRECATED: ELSA-2013-0509 -- rdma security, bug fix and enhancement update (low)
Description:	A denial of service flaw was found in the way ibacm managed reference counts for multicast connections. An attacker could send specially-crafted multicast packets that would cause the ibacm daemon to crash. (CVE-2012-4517) It was found that the ibacm daemon created some files with world-writable permissions. A local attacker could use this flaw to overwrite the contents of the ibacm.log or ibacm.port file, allowing them to mask certain actions from the log or cause ibacm to run on a non-default port. (CVE-2012-4518)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0509 CVE-2012-4517 CVE-2012-4518	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	ibacm infinipath-psm libibmad libibumad libibverbs libmlx4 librdmacm opensm rdma ibsim ibutils infiniband-diags
Definition Synopsis:
Oracle Linux 6.x Packages match section ibsim is earlier than 0:0.5-7.el6 AND ibutils is earlier than 0:1.5.7-7.el6 AND infiniband-diags is earlier than 0:1.5.12-5.el6 AND libibmad is earlier than 0:1.3.9-1.el6 AND libibumad is earlier than 0:1.3.8-1.el6 AND libibverbs is earlier than 0:1.1.6-5.el6 AND libmlx4 is earlier than 0:1.0.4-1.el6 AND opensm is earlier than 0:3.3.15-1.el6 AND rdma is earlier than 0:3.6-1.0.2.el6 AND ibutils-devel is earlier than 0:1.5.7-7.el6 AND ibutils-libs is earlier than 0:1.5.7-7.el6 AND infiniband-diags-devel is earlier than 0:1.5.12-5.el6 AND infiniband-diags-devel-static is earlier than 0:1.5.12-5.el6 AND libibmad-devel is earlier than 0:1.3.9-1.el6 AND libibmad-static is earlier than 0:1.3.9-1.el6 AND libibumad-devel is earlier than 0:1.3.8-1.el6 AND libibumad-static is earlier than 0:1.3.8-1.el6 AND libibverbs-devel is earlier than 0:1.1.6-5.el6 AND libibverbs-devel-static is earlier than 0:1.1.6-5.el6 AND libibverbs-utils is earlier than 0:1.1.6-5.el6 AND libmlx4-static is earlier than 0:1.0.4-1.el6 AND opensm-devel is earlier than 0:3.3.15-1.el6 AND opensm-libs is earlier than 0:3.3.15-1.el6 AND opensm-static is earlier than 0:3.3.15-1.el6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openfabrics Ibacm cpe:2.3:a:openfabrics:ibacm:1.0.7:::::::*	1

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0509.nasl - Type : ACT_GATHER_INFO
2013-03-10	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0509.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130221_rdma_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0509.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/55890
MISC	http://git.openfabrics.org/git?p=~shefty/ibacm.git%3Ba=commit%3Bh=d204fca2b62...
MLIST	http://www.openwall.com/lists/oss-security/2012/10/11/6 http://www.openwall.com/lists/oss-security/2012/10/11/9
REDHAT	http://rhn.redhat.com/errata/RHSA-2013-0509.html

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-02-13 09:28:38	Multiple Updates
2021-05-04 12:21:36	Multiple Updates
2021-04-22 01:25:45	Multiple Updates
2020-05-23 00:34:40	Multiple Updates
2014-02-17 11:13:19	Multiple Updates
2013-05-10 22:46:12	Multiple Updates
2013-03-08 13:19:14	Multiple Updates
2012-11-09 00:19:41	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	1
Sources(s)	5
Nessus® Exploit(s)	4

	Related
5	RHSA-2013:0509
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0419s

Facebook rss twitter linkedin mail