CVE-2011-4339

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
ipmitool_projectipmitool
1.8.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ipmitool
bullseye
1.8.18-10.1
fixed
bookworm
1.8.19-4+deb12u1
fixed
trixie
1.8.19-7
fixed
sid
1.8.19-7.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ipmitool
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html
http://openwall.com/lists/oss-security/2011/12/13/1
http://rhn.redhat.com/errata/RHSA-2013-0123.html
http://secunia.com/advisories/47173
http://secunia.com/advisories/47228
http://secunia.com/advisories/47376
http://www.debian.org/security/2011/dsa-2376
http://www.mandriva.com/security/advisories?name=MDVSA-2011:196
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.redhat.com/support/errata/RHSA-2011-1814.html
http://www.securityfocus.com/bid/51036
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=742837
https://exchange.xforce.ibmcloud.com/vulnerabilities/71763
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html
http://openwall.com/lists/oss-security/2011/12/13/1
http://rhn.redhat.com/errata/RHSA-2013-0123.html
http://secunia.com/advisories/47173
http://secunia.com/advisories/47228
http://secunia.com/advisories/47376
http://www.debian.org/security/2011/dsa-2376
http://www.mandriva.com/security/advisories?name=MDVSA-2011:196
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.redhat.com/support/errata/RHSA-2011-1814.html
http://www.securityfocus.com/bid/51036
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=742837
https://exchange.xforce.ibmcloud.com/vulnerabilities/71763