RHEL 5 : OpenIPMI (RHSA-2013:0123)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated OpenIPMI packages that fix one security issue, multiple bugs,
and add one enhancement are now available for Red Hat Enterprise Linux
5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The OpenIPMI packages provide command line tools and utilities to
access platform information using Intelligent Platform Management
Interface (IPMI). System administrators can use OpenIPMI to manage
systems and to perform system health monitoring.

It was discovered that the IPMI event daemon (ipmievd) created its
process ID (PID) file with world-writable permissions. A local user
could use this flaw to make the ipmievd init script kill an arbitrary
process when the ipmievd daemon is stopped or restarted.
(CVE-2011-4339)

Note: This issue did not affect the default configuration of OpenIPMI
as shipped with Red Hat Enterprise Linux 5.

This update also fixes the following bugs :

* Prior to this update, the ipmitool utility first checked the IPMI
hardware for Dell IPMI extensions and listed only supported commands
when printing command usage like the option 'ipmtool delloem help'. On
a non-Dell platform, the usage text was incomplete and misleading.
This update lists all Dell OEM extensions in usage texts on all
platforms, which allows users to check for command line arguments on
non-Dell hardware. (BZ#658762)

* Prior to this update, the ipmitool utility tried to retrieve the
Sensor Data Records (SDR) from the IPMI bus instead of the Baseboard
Management Controller (BMC) bus when IPMI-enabled devices reported SDR
under a different owner than the BMC. As a consequence, the timeout
setting for the SDR read attempt could significantly decrease the
performance and no sensor data was shown. This update modifies
ipmitool to read these SDR records from the BMC and shows the correct
sensor data on these platforms. (BZ#671059, BZ#749796)

* Prior to this update, the exit code of the 'ipmitool -o list' option
was not set correctly. As a consequence, 'ipmitool -o list' always
returned the value 1 instead of the expected value 0. This update
modifies the underlying code to return the value 0 as expected.
(BZ#740780)

* Prior to this update, the 'ipmi' service init script did not specify
the full path to the '/sbin/lsmod' and '/sbin/modprobe' system
utilities. As a consequence, the init script failed when it was
executed if PATH did not point to /sbin, for example, when running
'sudo /etc/init.d/ipmi'. This update modifies the init script so that
it now contains the full path to lsmod and modrpobe. Now, it can be
executed with sudo. (BZ#829705)

* Prior to this update, the ipmitool man page did not list the '-b',
'-B', '-l' and '-T' options. In this update, these options are
documented in the ipmitool man page. (BZ#846596)

This update also adds the following enhancement :

* Updates to the Dell-specific IPMI extension: A new vFlash command,
which allows users to display information about extended SD cards
a
new setled command, which allows users to display the backplane LED
status
improved error descriptions
added support for new hardware

and updated documentation of the ipmitool delloem commands in the
ipmitool manual page. (BZ#797050)

All users of OpenIPMI are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and
add this enhancement.

See also :

https://www.redhat.com/security/data/cve/CVE-2011-4339.html
http://rhn.redhat.com/errata/RHSA-2013-0123.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.6
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 3.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 63406 ()

Bugtraq ID: 51036

CVE ID: CVE-2011-4339