librdmacm 'ib_acm' Service Port Connection Security Vulnerability

librdmacm is prone to a security vulnerability because of a design error that causes the library to always connect to default port 6125 if the '/var/run/ibacm.port' file is not found.

An attacker may exploit this issue to send malicious address resolution information to the applications using the affected library. This may aid in other attacks.

To successfully exploit this issue, an attacker must be able to run a rogue 'ib_acm' service on port 6125 on a server which affected clients may connect to.


 

Privacy Statement
Copyright 2010, SecurityFocus