| Name | CVE-2011-4339 |
| Description | ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-2376-1, DSA-2376-2 |
| Debian Bugs | 651917 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| ipmitool (PTS) | bullseye | 1.8.18-10.1 | fixed |
| bookworm | 1.8.19-4+deb12u2 | fixed | |
| trixie | 1.8.19-9 | fixed | |
| forky, sid | 1.8.19-10 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ipmitool | source | lenny | 1.8.9-2+squeeze1 | DSA-2376-2 | ||
| ipmitool | source | squeeze | 1.8.11-2+squeeze2 | DSA-2376-1 | ||
| ipmitool | source | (unstable) | 1.8.11-5 | 651917 |