Mandriva Linux Security Advisory : ipmitool (MDVSA-2011:196)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

A vulnerability has been discovered and corrected in ipmitool :

ipmievd as used in the ipmitool package uses 0666 permissions for its
ipmievd.pid PID file, which allows local users to kill arbitrary
processes by writing to this file (CVE-2011-4339).

In Mandriva the ipmievd daemon from the ipmitool package does not have
an initscript to start and stop the service, however one could rather
easily craft an initscript or start the service by other means
rendering the system vulnerable to this issue.

The updated packages have been patched to correct this issue.

Solution :

Update the affected ipmitool package.

Risk factor :

Low / CVSS Base Score : 3.6
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 3.1
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 57413 ()

Bugtraq ID: 51036

CVE ID: CVE-2011-4339

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now