Summary: | <sys-apps/ipmitool-1.8.18_p20201004-r1: buffer overflows and potentially remote code execution (CVE-2020-5208) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | alexander, sysadmin |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp | ||
See Also: | https://github.com/gentoo/gentoo/pull/18827 | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: | | Runtime testing required: | --- |
Description
filip ambroz
2020-02-06 00:21:19 UTC
Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5208
https://nvd.nist.gov/vuln/detail/CVE-2020-5208

Patch: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2

It's not just a single patch, it's a whole series of them and they depend on other commits post 1.8.18.

I'm not sure of upstream's release schedule for 1.8.19 yet, punting to wait for upstream.

CVE-2020-5208 (https://nvd.nist.gov/vuln/detail/CVE-2020-5208):

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.

(In reply to Robin Johnson from comment #2)
> It's not just a single patch, it's a whole series of them and they depend on
> other commits post 1.8.18.
>
> I'm not sure of upstream's release schedule for 1.8.19 yet, punting to wait
> for upstream.

No problem. Obviously let us know when they release .19 if we don't catch it ourselves. Thanks as always.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=354053fecd502788f67e9d432c0985f3ab724c79

commit 354053fecd502788f67e9d432c0985f3ab724c79
Author: Robin H. Johnson <robbat2@gentoo.org>
AuthorDate: 2020-10-21 22:08:51 +0000
Commit: Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2020-10-21 22:09:13 +0000

sys-apps/ipmitool: snapshot upstream for CVE

Upstream has still made a new release since 2016/10/08; including the promised 1.8.19 per their own security advisory on 2020/02/04.

Capture the latest upstream state as a snapshot release, and port the Debian patchset to it, as the Debian patchset contains other updates & CVE fixes rejected by upstream.

Reference: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
Bug: https://bugs.gentoo.org/708436
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

sys-apps/ipmitool/Manifest | 4 +
sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild | 96 ++++++++++++++
sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild | 145 +++++++++++++++++++++
3 files changed, 245 insertions(+)

Thanks! Please proceed with stabilization when ready.

stable-arches: amd64, hppa, ppc, x86
arches, please compile-test and stabilize sys-apps/ipmitool_p20201004
If you have IPMI hardware, you can also test with it, but that shouldn't hold up the rest of this.

Unable to check for sanity:
> disallowed package spec (only = allowed): sys-apps/ipmitool_p20201004

arches: sys-apps/ipmitool_p20201004-r1 for stablereq
sys-apps/ipmitool_p20201004-r2 adds more tooling from contrib/

Unable to check for sanity:
> disallowed package spec (only = allowed): sys-apps/ipmitool_p20201004-r1

Sanity check failed:
> sys-apps/ipmitool-1.8.18_p20201004-r1
> depend hppa stable profile default/linux/hppa/17.0 (3 total)
> sys-apps/systemd:0=
> rdepend hppa stable profile default/linux/hppa/17.0 (3 total)
> sys-apps/systemd:0=

x86 stable

ppc stable

Sanity check failed:
> sys-apps/ipmitool-1.8.18_p20201004-r1
> depend hppa stable profile default/linux/hppa/17.0 (3 total)
> sys-apps/systemd:0=
> rdepend hppa stable profile default/linux/hppa/17.0 (3 total)
> sys-apps/systemd:0=

amd64 done

hppa stable

Maintainers, please cleanup

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=989d26c6ff9f0298eba4b09df237862cf9509af8

commit 989d26c6ff9f0298eba4b09df237862cf9509af8
Author: John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-12-27 08:36:55 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-12-29 20:46:35 +0000

sys-apps/ipmitool: security cleanup (drop <1.8.18_p20201004-r1)

Bug: https://bugs.gentoo.org/708436
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: John Helmert III <jchelmert3@posteo.net>
Closes: https://github.com/gentoo/gentoo/pull/18827
Signed-off-by: Sam James <sam@gentoo.org>

sys-apps/ipmitool/Manifest | 3 -
sys-apps/ipmitool/ipmitool-1.8.18-r1.ebuild | 89 --------------------------
sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild | 96 -----------------------------
3 files changed, 188 deletions(-)

Tree clean, GLSA request already filed.

This issue was resolved and addressed in GLSA 202101-03 at https://security.gentoo.org/glsa/202101-03 by GLSA coordinator Sam James (sam_c).
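
Added example (not part of the bug report and not Portage code): a simplified Gentoo version comparison that checks an installed ipmitool version against the affected range in the summary, <sys-apps/ipmitool-1.8.18_p20201004-r1. The function names are hypothetical, 1.8.19 is a constructed sample value, and numeric components with leading zeros are assumed not to occur.

```python
import re

# Simplified Gentoo version ordering (assumption: no numeric component has a
# leading zero, which would need the PMS string-comparison rule).
_VERSION = re.compile(
    r"^(?P<nums>\d+(?:\.\d+)*)(?P<letter>[a-z]?)"
    r"(?P<suffixes>(?:_(?:alpha|beta|pre|rc|p)\d*)*)"
    r"(?:-r(?P<rev>\d+))?$"
)
# Pre-release suffixes sort below "no suffix" (0); _p (patch level) sorts above.
_SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}

# Lower bound of the fixed range, taken from the bug summary.
FIXED = "1.8.18_p20201004-r1"


def version_key(version):
    """Return a tuple that sorts in Gentoo version order."""
    m = _VERSION.match(version)
    if m is None:
        raise ValueError(f"not a Gentoo version: {version!r}")
    nums = tuple(int(n) for n in m["nums"].split("."))
    suffixes = tuple(
        (_SUFFIX_RANK[name], int(num or 0))
        for name, num in re.findall(r"_([a-z]+)(\d*)", m["suffixes"])
    )
    # The (0, 0) sentinel stands for "no further suffix".
    return (nums, m["letter"], suffixes + ((0, 0),), int(m["rev"] or 0))


def is_affected(installed):
    """True if the installed version sorts below the fixed version."""
    return version_key(installed) < version_key(FIXED)


def triage(versions):
    return {v: is_affected(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample: ebuild versions named in this bug, plus 1.8.19.
    sample = ["1.8.18-r1", "1.8.18-r2", "1.8.18_p20201004",
              "1.8.18_p20201004-r1", "1.8.19"]
    for v, bad in triage(sample).items():
        print(f"sys-apps/ipmitool-{v}: {'AFFECTED' if bad else 'ok'}")
```

The first snapshot ebuild added by the commit above, 1.8.18_p20201004, still sorts below the -r1 bound given in the summary.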