Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 13 Dec 2011 09:24:44 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: OpenIPMI: IPMI event daemon creates PID file with world writeable
 permissions

Hi,

A insecure file permissions flaw was found in the way IPMI event daemon 
of the OpenIPMI (Intelligent Platform Management Interface) library and 
tools created its PID file (it was created with 0666 permissions). A 
local user could use this flaw to kill arbitrary running process during 
ipmievd service shutdown.

This has been assigned CVE-2011-4339

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=742837


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.