CVE-2011-4339 – OpenIPMI: IPMI event daemon creates PID file with world writeable permissions

https://notcve.org/view.php?id=CVE-2011-4339

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. ipmievd (demonio de eventos IPMI) de OpenIPMI, tal como se utiliza en el paquete ipmitool 1.8.11 de Red Hat Enterprise Linux (RHEL) 6, utiliza permisos 0666 para su archivo PID ipmievd.pid, lo que permite a usuarios locales terminar procesos arbitrarios escribiendo en este fichero. • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html http://openwall.com/lists/oss-security/2011/12/13/1 http://rhn.redhat.com/errata/RHSA-2013-0123.html http://secunia.com/advisories/47173 http://secunia.com/advisories/47228 http://secunia.com/advisories/47376 http://www.debian.org/security/2011/dsa-2376 http://www.mandriva.com/security/advisories?name=MDVSA-2011:196 htt • CWE-732: Incorrect Permission Assignment for Critical Resource •