It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
2020-02-05T14:15:11.420
2024-11-21T05:33:40.930
Modified
CVSSv3.1: 7.7 (HIGH)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | ipmitool_project | ipmitool | 1.8.18 | Yes |
Operating System | debian | debian_linux | 8.0 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |
Operating System | fedoraproject | fedora | 30 | Yes |
Operating System | fedoraproject | fedora | 31 | Yes |
Operating System | opensuse | leap | 15.1 | Yes |