CVE-2011-4339: OpenIPMI Event Daemon Insecure PID File Creation

As it was reported by Masahiro Matsuya, OpenIPMI (Intelligent Platform Management Interface) library and tools was creating its PID files with world writable (meaning 0666) permissions.
Due to this, any local user could change the PID of the aforementioned files and send signals (such as kill) to other processes.

The fix to this bug was to patch lib/helper.c file. Specifically, daemon’s initialization routine, ipmi_start_daemon() in order to remove the umask(2) system call.

 	chdir("/");
-	umask(0);
 
 	for (fd=0; fd<64; fd++) {
 		if (fd != intf->fd)

Written by xorl

January 2, 2012 at 09:33

Posted in bugs

xorl @ twitter

@AfroditeXig My lady, it was an honour... Have a beautiful winter night 16 hours ago
A song for all my Greek followers... Hank Williams Jr. - Red, White, Pink Slip Blues: http://t.co/szJoTDe6 17 hours ago
@AfroditeXig Για την ιστορία, αυτό είναι μύθος: http://t.co/t0Rxl1y1 17 hours ago
@AfroditeXig Nah... Απλά είσαι κοινωνική πεταλουδίτσα με iphone :b 17 hours ago
Creedence Clearwater Revival - Someday Never Comes: http://t.co/aDxiELBR 17 hours ago
@AfroditeXig Θα ακουστεί περίεργο γι'αυτή την εποχή, αλλά τρέχω όλη μέρα με δουλειές. No time for twitter... Έσενα καλά σε βλέπω, σταθερή! 17 hours ago
@AfroditeXig Καλά, κανένας αχαϊρευτος δεν προσφέρθηκε να σπρώξει; Έδω ο εθελοντής γείτονας! :P 17 hours ago

xorl %eax, %eax