Home page logo
/

oss-sec logo oss-sec mailing list archives

OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Tue, 13 Dec 2011 09:24:44 +0530

Hi,

A insecure file permissions flaw was found in the way IPMI event daemon of the OpenIPMI (Intelligent Platform Management Interface) library and tools created its PID file (it was created with 0666 permissions). A local user could use this flaw to kill arbitrary running process during ipmievd service shutdown.

This has been assigned CVE-2011-4339

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=742837


--
Huzaifa Sidhpurwala / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
  • OpenIPMI: IPMI event daemon creates PID file with world writeable permissions Huzaifa Sidhpurwala (Dec 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault