Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.96. ipmitool

An updated ipmitool package that fixes one security issue is now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.

Security Fix

CVE-2011-4339
It was discovered that the IPMI event daemon (ipmievd) created its process ID (PID) file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted.
All users of ipmitool are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the IPMI event daemon (ipmievd) will be restarted automatically.
An updated ipmitool package that fixes multiple bugs is now available for Red Hat Enterprise Linux 6.
The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.

Bug Fixes

BZ#675975
Prior to this update, ipmitool's Serial Over LAN (SOL) module erroneously calculated the number of octets processed by the Baseboard Management Controller and could have resent already acknowledged chunks of serial communication, which could have corrupted the serial line with additional characters. Under certain circumstances, this could have also brought ipmitool into an endless loop or unexpected termination. With this update, ipmitool now correctly calculates the number of octets processed by the BMC and does not resend unwanted characters over the serial line.
BZ#727314
This update improves integration of the Linux Multiple Device (MD) driver with ipmitool to indicate the SCSI enclosure services (SES) status and drive activities for the PCIe SSD based solutions.
BZ#726390
This update adds the "channel setkg" subcommand to the "ipmitool" command, which allows for KG key configuration.
BZ#726390
This update adds the "-Y" option, which allows reading of the KG key from the terminal.
BZ#731977
A serial console connected to over the LAN and activated with the command "ipmitool sol activate" contained a memory leak, which could have consumed all available memory resources over time. This update fixes the problem.
BZ#731718
Invoking "ipmitool delloem powermonitor" did not properly convert values received over the network to integer numbers on big-endian systems (PowerPC, IBM System z). As a result, mostly random values were displayed when reporting power consumption. This update fixes the integer conversions in the "powermonitor" command so that the power consumption is now reported correctly on PowerPC and IBM System z architectures.
All users of ipmitool are advised to upgrade to this updated package, which fixes these bugs.
Updated ipmitool packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The ipmitool package contains a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.

Bug Fix

BZ#990960
In cases of congested networks or slow-responding BMCs (Baseboard Management Controller), the reply operation timeout triggered the protocol command retry action. Consequently, the ipmitool utility could incorrectly process a LAN session protocol command with the reply from a previous protocol command. This update fixes handling of expected replies for each command alone and cleans up expected replies between commands. Now, the retried reply of the first command is correctly ignored while the later command, which is currently pending, is properly processed in the described scenario.
Users of ipmitool are advised to upgrade to these updated packages, which fix this bug. After installing this update, the IPMI event daemon (ipmievd) will be restarted automatically.