CVE-2020-5208 – remote code execution vulnerability in ipmitool
https://notcve.org/view.php?id=CVE-2020-5208
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
• http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00031.html
• https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
• https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
• https://lists.debian.org/debian-lts-announce/2020/02/msg00006.html
• https://lists.debian.org/debian-lts-announce/2021/06/msg00029.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K2BPW66KDP4H36AGZXLED57A3O2Y6EQW
• https://lists.fedoraproject.org/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-4339 – OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
https://notcve.org/view.php?id=CVE-2011-4339
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products, uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
• http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html
• http://openwall.com/lists/oss-security/2011/12/13/1
• http://rhn.redhat.com/errata/RHSA-2013-0123.html
• http://secunia.com/advisories/47173
• http://secunia.com/advisories/47228
• http://secunia.com/advisories/47376
• http://www.debian.org/security/2011/dsa-2376
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:196
• htt
• CWE-732: Incorrect Permission Assignment for Critical Resource