Home > Vulnerability Database > CVE-2011-4339

Mend.io Vulnerability Database

CVE-2011-4339

Date: December 14, 2011

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.

Severity Score

5.1

Related Resources (19)

Url: https://access.redhat.com/security/cve/CVE-2011-4339

Url: http://www.securityfocus.com/bid/51036

Url: https://security-tracker.debian.org/tracker/CVE-2011-4339

Url: http://secunia.com/advisories/47173

Url: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Url: http://rhn.redhat.com/errata/RHSA-2013-0123.html

Url: http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-4339

Url: http://www.debian.org/security/2011/dsa-2376

Url: http://openwall.com/lists/oss-security/2011/12/13/1

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:196

Url: http://secunia.com/advisories/47376

Url: http://www.redhat.com/support/errata/RHSA-2011-1814.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/71763

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=742837

Url: http://secunia.com/advisories/47228

Url: https://www.mend.io/vulnerability-database/CVE-2011-4339

Severity Score

5.1

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Incorrect Permission Assignment for Critical Resource

CWE-732

CVSS v3.1

Base Score:	5.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	3.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-4339

Date: December 14, 2011

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?