ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ipmitool | Ipmitool_project | 1.8.11 (including) | 1.8.11 (including) |
Red Hat Enterprise Linux 5 | RedHat | OpenIPMI-0:2.0.16-16.el5 | * |
Red Hat Enterprise Linux 6 | RedHat | ipmitool-0:1.8.11-12.el6_2.1 | * |
Ipmitool | Ubuntu | hardy | * |
Ipmitool | Ubuntu | lucid | * |
Ipmitool | Ubuntu | maverick | * |
Ipmitool | Ubuntu | natty | * |
Ipmitool | Ubuntu | oneiric | * |
Ipmitool | Ubuntu | upstream | * |