CVE-2011-4339

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2011-4339
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2011-4339.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2011-4339
Related
Published
2011-12-15T03:57:34Z
Modified
2024-11-21T01:32:15Z
Downstream
Summary
[none]
Details

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.

References

Affected packages

Debian:11 / ipmitool

Package

Name
ipmitool
Purl
pkg:deb/debian/ipmitool?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.11-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / ipmitool

Package

Name
ipmitool
Purl
pkg:deb/debian/ipmitool?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.11-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / ipmitool

Package

Name
ipmitool
Purl
pkg:deb/debian/ipmitool?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.11-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}