CVE-2011-4339

EUVD-2011-4271
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
ipmitool_projectipmitool
1.8.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ipmitool
bookworm
1.8.19-4+deb12u1
fixed
bullseye
1.8.18-10.1
fixed
sid
1.8.19-7.1
fixed
trixie
1.8.19-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ipmitool
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html
http://openwall.com/lists/oss-security/2011/12/13/1
http://rhn.redhat.com/errata/RHSA-2013-0123.html
http://secunia.com/advisories/47173
http://secunia.com/advisories/47228
http://secunia.com/advisories/47376
http://www.debian.org/security/2011/dsa-2376
http://www.mandriva.com/security/advisories?name=MDVSA-2011:196
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.redhat.com/support/errata/RHSA-2011-1814.html
http://www.securityfocus.com/bid/51036
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=742837
https://exchange.xforce.ibmcloud.com/vulnerabilities/71763
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html
http://openwall.com/lists/oss-security/2011/12/13/1
http://rhn.redhat.com/errata/RHSA-2013-0123.html
http://secunia.com/advisories/47173
http://secunia.com/advisories/47228
http://secunia.com/advisories/47376
http://www.debian.org/security/2011/dsa-2376
http://www.mandriva.com/security/advisories?name=MDVSA-2011:196
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.redhat.com/support/errata/RHSA-2011-1814.html
http://www.securityfocus.com/bid/51036
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=742837
https://exchange.xforce.ibmcloud.com/vulnerabilities/71763