Issued:
2011-12-13
Updated:
2011-12-13

RHSA-2011:1814 - Security Advisory

Synopsis

Moderate: ipmitool security update

Type/Severity

Security Advisory: Moderate

Topic

An updated ipmitool package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The ipmitool package contains a command line utility for interfacing with
devices that support the Intelligent Platform Management Interface (IPMI)
specification. IPMI is an open standard for machine health, inventory, and
remote power control.

It was discovered that the IPMI event daemon (ipmievd) created its process
ID (PID) file with world-writable permissions. A local user could use this
flaw to make the ipmievd init script kill an arbitrary process when the
ipmievd daemon is stopped or restarted. (CVE-2011-4339)

All users of ipmitool are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. After installing this
update, the IPMI event daemon (ipmievd) will be restarted automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 6.2 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 6.2 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.2 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.2 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.2 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.2 i386
  • Red Hat Storage 2.0 x86_64
  • Red Hat Gluster Storage Server for On-premise 2.0 x86_64
  • Red Hat Storage for Public Cloud (via RHUI) 2.0 x86_64
  • Red Hat Enterprise Linux Server - AUS 6.2 x86_64

Fixes

  • BZ - 742837 - CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions

CVEs

References

Red Hat Enterprise Linux Server 6

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8
i386
ipmitool-1.8.11-12.el6_2.1.i686.rpm SHA-256: f8909a2cec7b2f5a42277f66020e69e9de8f730b0371d21b884130169aa34b7f
ipmitool-debuginfo-1.8.11-12.el6_2.1.i686.rpm SHA-256: b924bee8793705c0e1fc68bda53ab3d1ed3350b6691de23ee1ff4a63a8622c0a

Red Hat Enterprise Linux Server - Extended Update Support 6.2

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8
i386
ipmitool-1.8.11-12.el6_2.1.i686.rpm SHA-256: f8909a2cec7b2f5a42277f66020e69e9de8f730b0371d21b884130169aa34b7f
ipmitool-debuginfo-1.8.11-12.el6_2.1.i686.rpm SHA-256: b924bee8793705c0e1fc68bda53ab3d1ed3350b6691de23ee1ff4a63a8622c0a

Red Hat Enterprise Linux Server - AUS 6.2

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8

Red Hat Enterprise Linux Workstation 6

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8
i386
ipmitool-1.8.11-12.el6_2.1.i686.rpm SHA-256: f8909a2cec7b2f5a42277f66020e69e9de8f730b0371d21b884130169aa34b7f
ipmitool-debuginfo-1.8.11-12.el6_2.1.i686.rpm SHA-256: b924bee8793705c0e1fc68bda53ab3d1ed3350b6691de23ee1ff4a63a8622c0a

Red Hat Enterprise Linux Desktop 6

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8
i386
ipmitool-1.8.11-12.el6_2.1.i686.rpm SHA-256: f8909a2cec7b2f5a42277f66020e69e9de8f730b0371d21b884130169aa34b7f
ipmitool-debuginfo-1.8.11-12.el6_2.1.i686.rpm SHA-256: b924bee8793705c0e1fc68bda53ab3d1ed3350b6691de23ee1ff4a63a8622c0a

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
s390x
ipmitool-1.8.11-12.el6_2.1.s390x.rpm SHA-256: 96f6825782b9295ee0c1fe9be04177b796ab849e8a72d6bf2529247cba3a565a
ipmitool-debuginfo-1.8.11-12.el6_2.1.s390x.rpm SHA-256: 9f022062a652b8087543a778cc3ac4edb467757ea1521ea74108a1ded421c4f1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.2

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
s390x
ipmitool-1.8.11-12.el6_2.1.s390x.rpm SHA-256: 96f6825782b9295ee0c1fe9be04177b796ab849e8a72d6bf2529247cba3a565a
ipmitool-debuginfo-1.8.11-12.el6_2.1.s390x.rpm SHA-256: 9f022062a652b8087543a778cc3ac4edb467757ea1521ea74108a1ded421c4f1

Red Hat Enterprise Linux for Power, big endian 6

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
ppc64
ipmitool-1.8.11-12.el6_2.1.ppc64.rpm SHA-256: a2c02370cbd16d93185380e6fcd58a4da2255a85f42b2b6600322ba0654fd250
ipmitool-debuginfo-1.8.11-12.el6_2.1.ppc64.rpm SHA-256: b38b98688c6158cf3c8099ae08e2fa57b28f07e629ec86a988f0e322844c94fe

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.2

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
ppc64
ipmitool-1.8.11-12.el6_2.1.ppc64.rpm SHA-256: a2c02370cbd16d93185380e6fcd58a4da2255a85f42b2b6600322ba0654fd250
ipmitool-debuginfo-1.8.11-12.el6_2.1.ppc64.rpm SHA-256: b38b98688c6158cf3c8099ae08e2fa57b28f07e629ec86a988f0e322844c94fe

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8

Red Hat Enterprise Linux Server from RHUI 6

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8
i386
ipmitool-1.8.11-12.el6_2.1.i686.rpm SHA-256: f8909a2cec7b2f5a42277f66020e69e9de8f730b0371d21b884130169aa34b7f
ipmitool-debuginfo-1.8.11-12.el6_2.1.i686.rpm SHA-256: b924bee8793705c0e1fc68bda53ab3d1ed3350b6691de23ee1ff4a63a8622c0a

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.2

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8
i386
ipmitool-1.8.11-12.el6_2.1.i686.rpm SHA-256: f8909a2cec7b2f5a42277f66020e69e9de8f730b0371d21b884130169aa34b7f
ipmitool-debuginfo-1.8.11-12.el6_2.1.i686.rpm SHA-256: b924bee8793705c0e1fc68bda53ab3d1ed3350b6691de23ee1ff4a63a8622c0a

Red Hat Gluster Storage Server for On-premise 2.0

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8

Red Hat Storage for Public Cloud (via RHUI) 2.0

SRPM
ipmitool-1.8.11-12.el6_2.1.src.rpm SHA-256: 59451e7bb318133fdfe5748f1161ceb4a0eabc1858a642523ae5cdc2edc07b20
x86_64
ipmitool-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 9c57ba9081fc390924429c5b9ab2fd765f3c1054c12fac1533c42047b3fba09d
ipmitool-debuginfo-1.8.11-12.el6_2.1.x86_64.rpm SHA-256: 5979056bbfd6876cc77d7796305c70d24219154ee60698ba5d414ec6cef859f8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.