CVE-2011-4339

CVSS V2 Low 3.6 CVSS V3 None
Description
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
Overview
  • CVE ID
  • CVE-2011-4339
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2011-12-15T03:57:34
  • Last Modified Date
  • 2022-02-03T19:59:35
Weakness Enumerations
CWE URL
CWE-732 http://cwe.mitre.org/data/definitions/732.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:ipmitool_project:ipmitool:1.8.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:N/I:P/A:P
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 3.6
  • Severity
  • LOW
  • Exploitability Score
  • 3.9
  • Impact Score
  • 4.9
References
Reference URL Reference Tags
http://openwall.com/lists/oss-security/2011/12/13/1 Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=742837 Issue Tracking Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2011:196 Broken Link
http://www.redhat.com/support/errata/RHSA-2011-1814.html Third Party Advisory
http://secunia.com/advisories/47173 Broken Link
http://secunia.com/advisories/47228 Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html Third Party Advisory
http://www.debian.org/security/2011/dsa-2376 Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html Third Party Advisory
http://secunia.com/advisories/47376 Broken Link
http://rhn.redhat.com/errata/RHSA-2013-0123.html Third Party Advisory
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory
http://www.securityfocus.com/bid/51036 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/71763 Third Party Advisory VDB Entry
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2011-4339
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4339
History
Created Old Value New Value Data Type Notes
2022-05-10 06:34:19 Added to TrackCVE