Red Hat Security Advisory 2013-0123-01 - The OpenIPMI packages provide command line tools and utilities to access platform information using Intelligent Platform Management Interface. System administrators can use OpenIPMI to manage systems and to perform system health monitoring. It was discovered that the IPMI event daemon created its process ID file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted. Note: This issue did not affect the default configuration of OpenIPMI as shipped with Red Hat Enterprise Linux 5.
2deae90ed110e0a7cb728df733255c88da19161c8fc16e2a5df7248e8222da5aDebian Linux Security Advisory 2376-2 - It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used too wide permissions PID file, which allows local users to kill arbitrary processes by writing to this file.
1f6cfd1dbcceedfde1aa46a1380d5bbcc45286102e4084bf6b7ccbcc281ee09aDebian Linux Security Advisory 2376-1 - It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used too wide permissions PID file, which allows local users to kill arbitrary processes by writing to this file.
1792cce81ebb6c50f256dc4d012b7bb7f95b15fee06cdf02d505666c659648caMandriva Linux Security Advisory 2011-196 - ipmievd as used in the ipmitool package uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. In Mandriva the ipmievd daemon from the ipmitool package does not have an initscript to start and stop the service, however one could rather easily craft an initscript or start the service by other means rendering the system vulnerable to this issue. The updated packages have been patched to correct this issue.
e7ceb452eacf5294054577ed0e7859c33ab09a7e6112efc684299aa6865ac1a1Red Hat Security Advisory 2011-1814-01 - The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. It was discovered that the IPMI event daemon created its process ID file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted. All users of ipmitool are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the IPMI event daemon will be restarted automatically.
62add3e212c5b9df0506f9c22fdba3b39dd6ac36a3e365b075092f91e980f787
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed