Synopsis: Moderate: ipmitool security update
Issue Date: 2011-12-13
CVE Numbers: CVE-2011-4339
—
The ipmitool package contains a command line utility for interfacing with
devices that support the Intelligent Platform Management Interface (IPMI)
specification. IPMI is an open standard for machine health, inventory, and
remote power control.
It was discovered that the IPMI event daemon (ipmievd) created its process
ID (PID) file with world-writable permissions. A local user could use this
flaw to make the ipmievd init script kill an arbitrary process when the
ipmievd daemon is stopped or restarted. (CVE-2011-4339)
All users of ipmitool are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. After installing this
update, the IPMI event daemon (ipmievd) will be restarted automatically.
—
SL6
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm
i386
ipmitool-1.8.11-12.el6_2.1.i686.rpm
– Scientific Linux Development Team
