Scientific Linux Security Update : OpenIPMI on SL5.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

It was discovered that the IPMI event daemon (ipmievd) created its
process ID (PID) file with world-writable permissions. A local user
could use this flaw to make the ipmievd init script kill an arbitrary
process when the ipmievd daemon is stopped or restarted.
(CVE-2011-4339)

Note: This issue did not affect the default configuration of OpenIPMI
as shipped with Scientific Linux 5.

This update also fixes the following bugs :

- Prior to this update, the ipmitool utility first checked
the IPMI hardware for Dell IPMI extensions and listed
only supported commands when printing command usage like
the option 'ipmtool delloem help'. On a non-Dell
platform, the usage text was incomplete and misleading.
This update lists all Dell OEM extensions in usage texts
on all platforms, which allows users to check for
command line arguments on non-Dell hardware.

- Prior to this update, the ipmitool utility tried to
retrieve the Sensor Data Records (SDR) from the IPMI bus
instead of the Baseboard Management Controller (BMC) bus
when IPMI-enabled devices reported SDR under a different
owner than the BMC. As a consequence, the timeout
setting for the SDR read attempt could significantly
decrease the performance and no sensor data was shown.
This update modifies ipmitool to read these SDR records
from the BMC and shows the correct sensor data on these
platforms.

- Prior to this update, the exit code of the 'ipmitool -o
list' option was not set correctly. As a consequence,
'ipmitool -o list' always returned the value 1 instead
of the expected value 0. This update modifies the
underlying code to return the value 0 as expected.

- Prior to this update, the 'ipmi' service init script did
not specify the full path to the '/sbin/lsmod' and
'/sbin/modprobe' system utilities. As a consequence, the
init script failed when it was executed if PATH did not
point to /sbin, for example, when running 'sudo
/etc/init.d/ipmi'. This update modifies the init script
so that it now contains the full path to lsmod and
modrpobe. Now, it can be executed with sudo.

- Prior to this update, the ipmitool man page did not list
the '-b', '-B', '-l' and '-T' options. In this update,
these options are documented in the ipmitool man page.

This update also adds the following enhancement :

- Updates to the Dell-specific IPMI extension: A new
vFlash command, which allows users to display
information about extended SD cards
a new setled
command, which allows users to display the backplane LED
status
improved error descriptions
added support for
new hardware
and updated documentation of the ipmitool
delloem commands in the ipmitool manual page.

See also :

http://www.nessus.org/u?3f304011

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.6
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 63601 ()

Bugtraq ID:

CVE ID: CVE-2011-4339