xorl %eax, %eax

CVE-2011-4339: OpenIPMI Event Daemon Insecure PID File Creation


As reported by Masahiro Matsuya, the OpenIPMI (Intelligent Platform Management Interface) library and tools were creating their PID files with world-writable (meaning 0666) permissions.
Because of this, any local user could change the PID stored in those files and send signals (such as kill) to other processes.
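An added example (not OpenIPMI code) of how a zeroed umask yields a 0666 PID file, alongside a hardened writer and an audit check. It assumes the file is created with an fopen()-style requested mode of 0666; the function names and the /tmp path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create like fopen(path, "w") (mode 0666) under `mask`; return the mode bits or -1. */
int mode_after_create(const char *path, mode_t mask)
{
    struct stat st;
    mode_t old = umask(mask);
    int fd, rc;
    unlink(path);
    fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    umask(old);                         /* restore the caller's umask */
    if (fd < 0) return -1;
    rc = fstat(fd, &st);
    close(fd);
    return rc < 0 ? -1 : (int)(st.st_mode & 0777);
}

/* Hardened writer: refuses existing files and symlinks; fchmod() pins 0644. */
int write_pidfile(const char *path, pid_t pid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    if (fchmod(fd, 0644) < 0 || dprintf(fd, "%ld\n", (long)pid) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Audit check: 1 if group or others may write the file, 0 if not, -1 on error. */
int pidfile_is_writable_by_others(const char *path)
{
    struct stat st;
    if (lstat(path, &st) < 0) return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 1 : 0;
}

int main(void)
{
    const char *p = "/tmp/pidfile_demo.pid";    /* constructed sample path */
    printf("umask(0): %04o, umask(022): %04o\n",
           (unsigned)mode_after_create(p, 0), (unsigned)mode_after_create(p, 022));
    return unlink(p);
}
```

Because `write_pidfile()` calls `fchmod()` on the open descriptor, the resulting mode does not depend on the umask in effect when the daemon starts.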

The fix for this bug was a patch to the lib/helper.c file. Specifically, the umask(2) system call was removed from the daemon’s initialization routine, ipmi_start_daemon().

 	chdir("/");
-	umask(0);
 
 	for (fd=0; fd<64; fd++) {
 		if (fd != intf->fd)
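
Review bot: with `umask(0)` dropped after `chdir("/")`, the mode of files the daemon creates later now depends on whatever umask it inherits from its parent, and nothing in this hunk sets one explicitly. Consider setting a known restrictive mask at this point (for example `umask(022)`), or creating the PID file with an explicit mode, so a permissive inherited umask cannot bring the 0666 file back.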

Written by xorl

January 2, 2012 at 09:33

Posted in bugs
