Lucene search

K

PRIOn knowledge basePRION:CVE-2011-4339

HistoryDec 15, 2011 - 3:57 a.m.

Code injection

2011-12-1503:57:00

PRIOn knowledge base

www.prio-n.com

3

6.6 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

8.3%

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.

CPENameOperatorVersion
ipmitooleq1.8.11

References

openwall.com/lists/oss-security/2011/12/13/1

rhn.redhat.com/errata/RHSA-2013-0123.html

secunia.com/advisories/47173

secunia.com/advisories/47228

secunia.com/advisories/47376

www.debian.org/security/2011/dsa-2376

www.mandriva.com/security/advisories?name=MDVSA-2011:196

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.redhat.com/support/errata/RHSA-2011-1814.html

www.securityfocus.com/bid/51036

www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

bugzilla.redhat.com/show_bug.cgi?id=742837

exchange.xforce.ibmcloud.com/vulnerabilities/71763

lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html

lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html

6.6 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

8.3%

Related for PRION:CVE-2011-4339

oraclelinux2 openvas20 redhat3 osv2 nessus14 fedora2 ubuntucve1 centos2 securityvulns2 cve1 debiancve1 veracode1 debian2