PT-2020-3610 · Ipmitool+6
Christopher Ertl · Published 2020-02-04 · Updated 2024-09-09
CVE-2020-5208
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ipmitool versions prior to 1.8.19
Description
The issue arises from multiple functions in ipmitool neglecting proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. The vulnerable functions include read_fru_area(), read_fru_area_section(), ipmi_spd_print_fru(), ipmi_get_session_info(), ipmi_get_channel_cipher_suites(), and get_lan_param_select(). Exploitation of this issue may allow a remote attacker to cause a denial of service or execute arbitrary code.
Recommendations
For versions prior to 1.8.19, update to version 1.8.19 to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable functions until a patch is available. Avoid running ipmitool as a privileged user to minimize the risk of exploitation.
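The class of bug in the description, as an added C example (not ipmitool's code and not part of this advisory): a client copies a peer-supplied length into a fixed buffer, shown unchecked and then with the bounds checks that reject a short or oversized response. The struct, the function names and the buffer size are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AREA_BUF_SIZE 64 /* constructed size of the caller's buffer */

/* Hypothetical response: byte 0 is a peer-supplied length, payload follows. */
struct remote_rsp {
    const uint8_t *data; /* bytes as received from the network */
    size_t data_len;     /* how many bytes were actually received */
};

/* Unchecked pattern, for contrast only (never called here): the peer's
 * length byte drives the copy, so it can write past buf or read past data. */
void copy_area_unchecked(const struct remote_rsp *rsp, uint8_t *buf, size_t offset)
{
    memcpy(buf + offset, rsp->data + 1, rsp->data[0]);
}

/* Checked pattern: the claimed length must fit both the bytes received
 * and the space left in buf. Returns 0 on success, -1 on rejection. */
int copy_area_checked(const struct remote_rsp *rsp, uint8_t *buf,
                      size_t buf_size, size_t offset, size_t *copied)
{
    if (!rsp || !rsp->data || !buf || !copied || rsp->data_len < 1) return -1;
    size_t claimed = rsp->data[0];
    if (claimed > rsp->data_len - 1) return -1;            /* short response */
    if (offset > buf_size || claimed > buf_size - offset) return -1; /* overrun */
    memcpy(buf + offset, rsp->data + 1, claimed);
    *copied = claimed;
    return 0;
}

/* Builds a constructed response; returns bytes copied, or -1 if rejected. */
int try_case(uint8_t claimed, size_t received, size_t offset)
{
    uint8_t pkt[256] = {0}, buf[AREA_BUF_SIZE] = {0};
    size_t copied = 0;
    if (received > sizeof(pkt)) return -1;
    pkt[0] = claimed;
    struct remote_rsp rsp = { pkt, received };
    if (copy_area_checked(&rsp, buf, sizeof(buf), offset, &copied) != 0) return -1;
    return (int)copied;
}
int main(void)
{
    printf("valid: %d, oversized: %d\n", try_case(4, 5, 0), try_case(100, 101, 0));
    return 0;
}
```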
Fix
RCE
Buffer Overflow
Related Identifiers
Affected Products
Alt Linux
Centos
Linuxmint
Red Hat
Suse
Ubuntu
Ipmitool