CVSS2 score: 3.6 Low
CVSS2 vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.0004 Low (percentile 9.3%)

CentOS Errata and Security Advisory CESA-2011:1814
The ipmitool package contains a command line utility for interfacing with
devices that support the Intelligent Platform Management Interface (IPMI)
specification. IPMI is an open standard for machine health, inventory, and
remote power control.
It was discovered that the IPMI event daemon (ipmievd) created its process
ID (PID) file with world-writable permissions. A local user could use this
flaw to make the ipmievd init script kill an arbitrary process when the
ipmievd daemon is stopped or restarted. (CVE-2011-4339)
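
A check an init script can run before signalling whatever PID a PID file names, given as an added example (it is not the ipmitool init script or the backported patch). The PID file path, expected owner and daemon name are caller-supplied assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to act on a PID file that other local users could
# have rewritten, and refuse to signal a PID that is not the expected daemon.

# pidfile_trusted FILE OWNER
# Succeeds only if FILE is a regular file (not a symlink), owned by OWNER,
# has no group or other write bit, and holds exactly one numeric PID.
# On success the PID is left in the variable $pid.
pidfile_trusted() {
    file=$1 owner=$2
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    # find prints the path only when every ownership/mode test matches.
    [ -n "$(find "$file" -prune -user "$owner" \
            ! -perm -0020 ! -perm -0002 2>/dev/null)" ] || return 1
    pid=$(cat "$file") || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty, or anything that is not digits
    esac
    return 0
}

# pid_is_daemon PID NAME
# Succeeds only if PID is a live process whose command name is NAME.
pid_is_daemon() {
    [ "$(ps -p "$1" -o comm= 2>/dev/null)" = "$2" ]
}

# safe_stop FILE OWNER NAME
# Sends SIGTERM only when both checks pass; otherwise signals nothing.
safe_stop() {
    pidfile_trusted "$1" "$2" || {
        echo "refusing: $1 is not a trustworthy PID file" >&2
        return 1
    }
    pid_is_daemon "$pid" "$3" || {
        echo "refusing: PID $pid is not $3" >&2
        return 1
    }
    kill -TERM "$pid"
}
```
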
All users of ipmitool are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. After installing this
update, the IPMI event daemon (ipmievd) will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-December/080503.html
Affected packages:
ipmitool
Upstream details at:
https://access.redhat.com/errata/RHSA-2011:1814
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | ipmitool | < 1.8.11-12.el6_2.1 | ipmitool-1.8.11-12.el6_2.1.i686.rpm |
CentOS | 6 | x86_64 | ipmitool | < 1.8.11-12.el6_2.1 | ipmitool-1.8.11-12.el6_2.1.x86_64.rpm |