Bug 708436 (CVE-2020-5208) - sys-apps/ipmitool: buffer overflows and potentially remote code execution (CVE-2020-5208)
Alias: CVE-2020-5208
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: B1 [upstream]
Reported: 2020-02-06 00:21 UTC by filip ambroz
Modified: 2020-03-26 15:21 UTC
Runtime testing required: ---


Description filip ambroz 2020-02-06 00:21:19 UTC
from URL:


It's been found that multiple functions in ipmitool 1.8.18 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user.

All users of ipmitool are potentially affected.


Version 1.8.19 will have this problem fixed.


There are no workarounds to completely remediate the vulnerability, but the possibility of it being exploited can be significantly lowered by:

- Not running ipmitool as a privileged user
- Not running ipmitool over a demilitarized network or against untrusted IPMI-enabled devices

Comment 2 Robin Johnson (archtester, Gentoo Infrastructure, gentoo-dev, Security) 2020-02-06 18:12:22 UTC
It's not just a single patch, it's a whole series of them and they depend on other commits post 1.8.18.

I'm not sure of upstream's release schedule for 1.8.19 yet, punting to wait for upstream.