CentOS Local Security Checks : CentOS Update for ipmitool CESA-2011:1814 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881362

Categoría: CentOS Local Security Checks

Título: CentOS Update for ipmitool CESA-2011:1814 centos6

Resumen: The remote host is missing an update for the 'ipmitool'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'ipmitool'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The ipmitool package contains a command line utility for interfacing with
devices that support the Intelligent Platform Management Interface (IPMI)
specification. IPMI is an open standard for machine health, inventory, and
remote power control.

It was discovered that the IPMI event daemon (ipmievd) created its process
ID (PID) file with world-writable permissions. A local user could use this
flaw to make the ipmievd init script kill an arbitrary process when the
ipmievd daemon is stopped or restarted. (CVE-2011-4339)

All users of ipmitool are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. After installing this
update, the IPMI event daemon (ipmievd) will be restarted automatically.

Affected Software/OS:
ipmitool on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
3.6

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4339
47173
http://secunia.com/advisories/47173
47228
http://secunia.com/advisories/47228
47376
http://secunia.com/advisories/47376
51036
http://www.securityfocus.com/bid/51036
DSA-2376
http://www.debian.org/security/2011/dsa-2376
FEDORA-2011-17065
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html
FEDORA-2011-17071
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html
MDVSA-2011:196
http://www.mandriva.com/security/advisories?name=MDVSA-2011:196
RHSA-2011:1814
http://www.redhat.com/support/errata/RHSA-2011-1814.html
RHSA-2013:0123
http://rhn.redhat.com/errata/RHSA-2013-0123.html
[oss-security] 20111213 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
http://openwall.com/lists/oss-security/2011/12/13/1
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=742837
impitool-pid-dos(71763)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71763

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881362
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for ipmitool CESA-2011:1814 centos6
Resumen:	The remote host is missing an update for the 'ipmitool'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'ipmitool' package(s) announced via the referenced advisory. Vulnerability Insight: The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control. It was discovered that the IPMI event daemon (ipmievd) created its process ID (PID) file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted. (CVE-2011-4339) All users of ipmitool are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the IPMI event daemon (ipmievd) will be restarted automatically. Affected Software/OS: ipmitool on CentOS 6 Solution: Please install the updated packages. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4339 47173 http://secunia.com/advisories/47173 47228 http://secunia.com/advisories/47228 47376 http://secunia.com/advisories/47376 51036 http://www.securityfocus.com/bid/51036 DSA-2376 http://www.debian.org/security/2011/dsa-2376 FEDORA-2011-17065 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html FEDORA-2011-17071 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html MDVSA-2011:196 http://www.mandriva.com/security/advisories?name=MDVSA-2011:196 RHSA-2011:1814 http://www.redhat.com/support/errata/RHSA-2011-1814.html RHSA-2013:0123 http://rhn.redhat.com/errata/RHSA-2013-0123.html [oss-security] 20111213 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions http://openwall.com/lists/oss-security/2011/12/13/1 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://bugzilla.redhat.com/show_bug.cgi?id=742837 impitool-pid-dos(71763) https://exchange.xforce.ibmcloud.com/vulnerabilities/71763
Copyright	Copyright (C) 2012 Greenbone AG