PT-2011-1131 · Ipmitool+2 · Ipmitool+3

Published

2011-12-13

Updated

2022-02-03

CVE-2011-4339

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions ipmitool versions 1.8.11 ipmitool-debuginfo versions 1.8.11

Description The issue allows local users to kill arbitrary processes by writing to the ipmievd.pid PID file, which has 0666 permissions. This can lead to disruption of integrity and availability of protected information. The exploitation of this issue can be performed locally.

Recommendations For ipmitool version 1.8.11, consider changing the permissions of the ipmievd.pid PID file to prevent local users from writing to it. For ipmitool-debuginfo version 1.8.11, consider changing the permissions of the ipmievd.pid PID file to prevent local users from writing to it. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

BDU:2015-06964

BDU:2015-06965

BDU:2015-08806

BDU:2015-08807

CESA-2011_1814

CVE-2011-4339

DSA-2376-1

DSA-2376-2

RHSA-2011:1814

RHSA-2011_1814

RHSA-2013:0123

RHSA-2013_0123

Affected Products

Centos

Red Hat

Ipmitool

Ipmitool-Debuginfo

PT-2011-1131 · Ipmitool+2 · Ipmitool+3

CVE-2011-4339

Weakness Enumeration

Related Identifiers

Affected Products

References · 34