3.6

CVE-2011-4339

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ipmitool ProjectIpmitool Version1.8.11
   RedhatEnterprise Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.345
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:N/I:P/A:P
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html
Third Party Advisory
http://openwall.com/lists/oss-security/2011/12/13/1
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2013-0123.html
Third Party Advisory
http://secunia.com/advisories/47173
Broken Link
http://secunia.com/advisories/47228
Broken Link
http://secunia.com/advisories/47376
Broken Link
http://www.debian.org/security/2011/dsa-2376
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:196
Broken Link
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1814.html
Third Party Advisory
http://www.securityfocus.com/bid/51036
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=742837
Patch
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/71763
Third Party Advisory
VDB Entry