Content Spoofing

2019-01-1508:51:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

76.0%

JSON

librdmacm is vulnerable to content spoofing. A static port 6125 is used to connect to the ib_acm service by default. This allows a local attacker to host a malicious ib_acm service on the same port to provide incorrect address resolution information to all librmdacm applications.

CPENameOperatorVersion
libmlx4eq1.0.4__1.el6
libmlx4eq1.0.1__7.el6
libmlx4eq1.0.2__3.el6
libmlx4eq1.0.2__5.el6
mpitestseq3.2__2.el6
mpitestseq3.2__4.el6
mpitestseq3.2__5.el6
rdmaeq3.6__1.el6
rdmaeq1.0__14.el6
rdmaeq3.3__4.el6_3

Name	Operator	Version
libmlx4	eq	1.0.4__1.el6
libmlx4	eq	1.0.1__7.el6
libmlx4	eq	1.0.2__3.el6
libmlx4	eq	1.0.2__5.el6
mpitests	eq	3.2__2.el6
mpitests	eq	3.2__4.el6
mpitests	eq	3.2__5.el6
rdma	eq	3.6__1.el6
rdma	eq	1.0__14.el6
rdma	eq	3.3__4.el6_3