Back to search
CVE-2011-4339
Published: Dec 15, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDVSA-2011:196
vendor-advisory
x_refsource_MANDRIVA
47228
third-party-advisory
x_refsource_SECUNIA
47376
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=742837
x_refsource_CONFIRM
impitool-pid-dos(71763)
vdb-entry
x_refsource_XF
51036
vdb-entry
x_refsource_BID
DSA-2376
vendor-advisory
x_refsource_DEBIAN
RHSA-2011:1814
vendor-advisory
x_refsource_REDHAT
FEDORA-2011-17071
vendor-advisory
x_refsource_FEDORA
[oss-security] 20111213 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
mailing-list
x_refsource_MLIST
47173
third-party-advisory
x_refsource_SECUNIA
FEDORA-2011-17065
vendor-advisory
x_refsource_FEDORA
RHSA-2013:0123
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now