CVE-2011-4339
OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
ipmievd (demonio de eventos IPMI) de OpenIPMI, tal como se utiliza en el paquete ipmitool 1.8.11 de Red Hat Enterprise Linux (RHEL) 6, utiliza permisos 0666 para su archivo PID ipmievd.pid, lo que permite a usuarios locales terminar procesos arbitrarios escribiendo en este fichero.
The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. It was discovered that the IPMI event daemon created its process ID file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted. All users of ipmitool are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the IPMI event daemon will be restarted automatically.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-11-04 CVE Reserved
- 2011-12-14 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2011/12/13/1 | Mailing List | |
| http://secunia.com/advisories/47173 | Broken Link | |
| http://secunia.com/advisories/47228 | Broken Link | |
| http://secunia.com/advisories/47376 | Broken Link | |
| http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/51036 | Third Party Advisory | |
| http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71763 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=742837 | 2013-01-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ipmitool Project Search vendor "Ipmitool Project" | Ipmitool Search vendor "Ipmitool Project" for product "Ipmitool" | 1.8.11 Search vendor "Ipmitool Project" for product "Ipmitool" and version "1.8.11" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Safe
|