CVE-2011-4339

Vulnerability Description

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.htThird Party Advisory
• http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.htThird Party Advisory
• http://openwall.com/lists/oss-security/2011/12/13/1Mailing ListThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2013-0123.htmlThird Party Advisory
• http://secunia.com/advisories/47173Broken Link
• http://secunia.com/advisories/47228Broken Link
• http://secunia.com/advisories/47376Broken Link
• http://www.debian.org/security/2011/dsa-2376Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:196Broken Link
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2011-1814.htmlThird Party Advisory
• http://www.securityfocus.com/bid/51036Third Party AdvisoryVDB Entry
• http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cerThird Party Advisory
• https://bugzilla.redhat.com/show_bug.cgi?id=742837Issue TrackingPatch
• https://exchange.xforce.ibmcloud.com/vulnerabilities/71763Third Party AdvisoryVDB Entry