[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-4339Date: (C)2011-12-14   (M)2023-12-22


ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.6
Exploit Score: 3.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-47173
SECUNIA-47228
SECUNIA-47376
BID-51036
DSA-2376
FEDORA-2011-17065
FEDORA-2011-17071
MDVSA-2011:196
RHSA-2011:1814
RHSA-2013:0123
http://openwall.com/lists/oss-security/2011/12/13/1
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=742837
impitool-pid-dos(71763)

CWE    1
CWE-732
OVAL    11
oval:org.secpod.oval:def:600631
oval:org.secpod.oval:def:1503230
oval:org.secpod.oval:def:1500087
oval:org.secpod.oval:def:103437
...

© SecPod Technologies