From secunia security advisory at $URL: Description: The security issue is caused due to ipmievd creating PID files with insecure permissions, which can be exploited to e.g. terminate other processes by exchanging the process ID stored in the PID file. The security issue is confirmed in version 1.8.11. Other versions may also be affected. Solution: There is a proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=525972
CVE-2011-4339 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4339): ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
Is this package abandoned :(? Seems like a pretty simple fix if a dev with a spare minute or two could add the patch and tweak the ebuild :). Thanks...
This fix has been in the tree since Jan 21 already, as part of the Ubuntu patchset that also adds Dell support.
Arches, please test and mark stable: =sys-apps/ipmitool-1.8.11-r1 Target keywords : "amd64 ppc x86"
@robbat2: ebuild.minorsyn 1 sys-apps/ipmitool/ipmitool-1.8.11-r1.ebuild: Ebuild contains leading spaces on line: 14 and seems missing readline ad rdepend, scanelf says that. amd64 stable
x86 stable. Thanks:
ppc done
Thanks, everyone. GLSA vote: no.
GLSA Vote: No, too. Closing.