
Scientific Linux: CVE-2011-4339 Moderate: Ipmitool Update

Moderate: ipmitool security update
Date: Thu, 15 Dec 2011 15:24:23 -0600
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: ipmitool on SL6.x i386/x86_64

Synopsis: Moderate: ipmitool security update
Issue Date: 2011-12-13
CVE Numbers: CVE-2011-4339

The ipmitool package contains a command line utility for interfacing with
devices that support the Intelligent Platform Management Interface (IPMI)
specification. IPMI is an open standard for machine health, inventory, and
remote power control.

It was discovered that the IPMI event daemon (ipmievd) created its process
ID (PID) file with world-writable permissions. A local user could use this
flaw to make the ipmievd init script kill an arbitrary process when the
ipmievd daemon is stopped or restarted. (CVE-2011-4339)

All users of ipmitool are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. After installing this
update, the IPMI event daemon (ipmievd) will be restarted automatically.

SL6:
 i386
 ipmitool-1.8.11-12.el6_2.1.i686.rpm
 ipmitool-debuginfo-1.8.11-12.el6_2.1.i686.rpm
 x86_64
 ipmitool-1.8.11-12.el6_2.1.x86_64.rpm
 ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm

- Scientific Linux Development Team
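
The condition described in the advisory (a PID file that any local user can rewrite, which an init script then trusts when stopping a daemon) can be audited for on a host. The following is an added example, not part of the advisory or of ipmitool; it assumes Linux with GNU stat and /proc, and the function name audit_pidfiles is illustrative.

```shell
#!/bin/sh
# Added example: flag world-writable PID files under a run directory.
# Assumes Linux with GNU stat and /proc; audit_pidfiles is an illustrative name.
#
# Usage: audit_pidfiles [DIR]      (DIR defaults to /var/run)
# Output, one line per finding:  path mode owner pid target
#   target = command name of the process the file currently names,
#            "-" if no such process, "invalid" if the content is not a PID.
# Returns 1 if any world-writable PID file was found, 0 otherwise.
audit_pidfiles() {
    dir=${1:-/var/run}
    # -perm -0002 selects files whose "other write" bit is set;
    # -type f skips symlinks, sockets and directories.
    list=$(find "$dir" -type f -name '*.pid' -perm -0002 2>/dev/null | sort)
    if [ -z "$list" ]; then
        return 0
    fi
    printf '%s\n' "$list" | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f")
        owner=$(stat -c '%U' "$f")
        # Only the first line is considered, and it is never evaluated.
        pid=
        IFS= read -r pid < "$f" || true
        case $pid in
            ''|*[!0-9]*)
                pid=-
                target=invalid
                ;;
            *)
                if [ -r "/proc/$pid/comm" ]; then
                    target=$(cat "/proc/$pid/comm")
                else
                    target=-
                fi
                ;;
        esac
        printf '%s %s %s %s %s\n' "$f" "$mode" "$owner" "$pid" "$target"
    done
    return 1
}
```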