thr3ads.net - Secure testing team - [Secure-testing-team] Bug#651917: ipmitool: insecure file permission when creating PID files [Dec 2011]

If this information is useful, please help other people find it:
Share via:

Yves-Alexis Perez

2011-Dec-13 06:41 UTC

[Secure-testing-team] Bug#651917: ipmitool: insecure file permission when creating PID files

Package: ipmitool
Severity: grave
Tags: security
Justification: user security hole

Hi,

an insecure file permission flaw was found in the way ipmitool handled
the PID files creation.

There''s more info in the Red Hat bug, along with a patch, see
https://bugzilla.redhat.com/show_bug.cgi?id=742837

This has been assigned CVE-2011-4339, when you update a fix, could
you add it to the changelog entry?

Could you prepare updated packages for Squeeze and Lenny too?

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable''), (500,
''testing''), (500, ''stable''), (500,
''oldstable'')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Secure testing team - Dec 2011 - Bug#651917: ipmitool: insecure file permission when creating PID files

[Secure-testing-team] Bug#651917: ipmitool: insecure file permission when creating PID files