PT-2011-1131 · Ipmitool+2 · Ipmitool+3

Publicado

2011-12-13

Atualizado

2022-02-03

CVE-2011-4339

CVSS v2.0

3.6

Baixa

Vetor

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions ipmitool versions 1.8.11 ipmitool-debuginfo versions 1.8.11

Description The issue allows local users to kill arbitrary processes by writing to the ipmievd.pid PID file, which has 0666 permissions. This can lead to disruption of integrity and availability of protected information. The exploitation of this issue can be performed locally.

Recommendations For ipmitool version 1.8.11, consider changing the permissions of the ipmievd.pid PID file to prevent local users from writing to it. For ipmitool-debuginfo version 1.8.11, consider changing the permissions of the ipmievd.pid PID file to prevent local users from writing to it. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

BDU:2015-06964

BDU:2015-06965

BDU:2015-08806

BDU:2015-08807

CESA-2011_1814

CVE-2011-4339

DSA-2376-1

DSA-2376-2

RHSA-2011:1814

RHSA-2011_1814

RHSA-2013:0123

RHSA-2013_0123

Produtos afetados

Centos

Red Hat

Ipmitool

Ipmitool-Debuginfo

PT-2011-1131 · Ipmitool+2 · Ipmitool+3

CVE-2011-4339

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 34