CVE-2011-4339

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 15-12-2011 04:57

Last modified: - 03-02-2022 08:59

Total changes: - 2

Description

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:N/I:P/A:P

Low

Attack complexity

Local

Attack vector

Low

Availability

None

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

3.6

Base score

3.9

4.9

Exploitability score

Impact score

Verification logic

AND

vendor=ipmitool_project AND product=ipmitool AND version=1.8.11

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6.0

Reference

[oss-security] 20111213 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions-Mailing List, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=742837
MDVSA-2011:196-Broken Link
RHSA-2011:1814-Third Party Advisory
47173-Broken Link
47228-Broken Link
FEDORA-2011-17071-Third Party Advisory
DSA-2376-Third Party Advisory
FEDORA-2011-17065-Third Party Advisory
47376-Broken Link
RHSA-2013:0123-Third Party Advisory
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
51036-Third Party Advisory, VDB Entry
impitool-pid-dos(71763)-Third Party Advisory, VDB Entry

Keywords

CVE-2011-4339

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2011-4339

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures