CVE-2012-4518
First published: Mon Oct 22 2012(Updated: )
ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenFabrics IBA Cm | =1.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.openfabrics.org/git?p=~shefty/ibacm.git%3Ba=commit%3Bh=d204fca2b6298d7799e918141ea8e11e7ad43cec
- http://rhn.redhat.com/errata/RHSA-2013-0509.html
- http://www.openwall.com/lists/oss-security/2012/10/11/6
- http://www.openwall.com/lists/oss-security/2012/10/11/9
- http://www.securityfocus.com/bid/55890
Frequently Asked Questions
What is the severity of CVE-2012-4518?
CVE-2012-4518 is considered a moderate severity vulnerability due to the potential for local users to gain unauthorized access to files.
How do I fix CVE-2012-4518?
To fix CVE-2012-4518, you should change the file permissions of the ib_acm daemon log and ibacm.port file to prevent world-writable access.
What kind of security risk does CVE-2012-4518 pose?
CVE-2012-4518 poses a security risk by allowing local users to overwrite important log files which may lead to data loss or denial of service.
Which versions of ibacm are affected by CVE-2012-4518?
CVE-2012-4518 affects ibacm version 1.0.7.
Who is affected by CVE-2012-4518?
Users of the ibacm 1.0.7 software are affected by CVE-2012-4518 and should take immediate action to secure their systems.
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/references
- agent/severity
- vendor/openfabrics
- canonical/openfabrics iba cm
- version/openfabrics iba cm/1.0.7