The vulnerabilities affect the implementations of the functions read_fru_area(), read_fru_area_section(), ipmi_spd_print_fru(), ipmi_get_session_info(), ipmi_get_channel_cipher_suites(), and get_lan_param_select(). These functions are used for managing and configuring devices that support IPMI through ipmitool. This allows a malicious individual to cause service interruptions or execute arbitrary code.
The vulnerability of the implementations of several functions such as readfruarea, readfruareasection, ipmispdprintfru, ipmigetsessioninfo, ipmigetchannelciphersuites, and getlanparamselect—utilities for managing and configuring devices that support IPMI—is due to buffer overflows. Exploiting thi...