from URL:

*Impact
It's been found that multiple functions in ipmitool 1.8.18 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. All users of ipmitool are potentially affected.

*Patches
Version 1.8.19 will have this problem fixed.

*Workarounds
There are no workarounds to completely remediate the vulnerability, but possibility of it being exploited can be significantly lowered by:
- Not running ipmitool as a privileged user
- Not running ipmitool over demilitarized network or against untrusted IPMI-enabled devices

Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5208
https://nvd.nist.gov/vuln/detail/CVE-2020-5208
Patch: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2

It's not just a single patch, it's a whole series of them and they depend on other commits post 1.8.18. I'm not sure of upstream's release schedule for 1.8.19 yet, punting to wait for upstream.
CVE-2020-5208 (https://nvd.nist.gov/vuln/detail/CVE-2020-5208): It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
(In reply to Robin Johnson from comment #2)
> It's not just a single patch, it's a whole series of them and they depend on
> other commits post 1.8.18.
>
> I'm not sure of upstream's release schedule for 1.8.19 yet, punting to wait
> for upstream.

No problem. Obviously let us know when they release .19 if we don't catch it ourselves. Thanks as always.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=354053fecd502788f67e9d432c0985f3ab724c79

commit 354053fecd502788f67e9d432c0985f3ab724c79
Author:     Robin H. Johnson <robbat2@gentoo.org>
AuthorDate: 2020-10-21 22:08:51 +0000
Commit:     Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2020-10-21 22:09:13 +0000

    sys-apps/ipmitool: snapshot upstream for CVE

    Upstream has still made a new release since 2016/10/08; including the
    promised 1.8.19 per their own security advisory on 2020/02/04.

    Capture the latest upstream state as a snapshot release, and port the
    Debian patchset to it, as the Debian patchset contains other updates &
    CVE fixes rejected by upstream.

    Reference: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
    Bug: https://bugs.gentoo.org/708436
    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 sys-apps/ipmitool/Manifest                         |   4 +
 sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild        |  96 ++++++++++++++
 sys-apps/ipmitool/ipmitool-1.8.18_p20201004.ebuild | 145 +++++++++++++++++++++
 3 files changed, 245 insertions(+)

Thanks! Please proceed with stabilization when ready.
stable-arches: amd64, hppa, ppc, x86

arches, please compile-test and stabilize sys-apps/ipmitool_p20201004

If you have IPMI hardware, you can also test with it, but that shouldn't hold up the rest of this.

Unable to check for sanity:

> disallowed package spec (only = allowed): sys-apps/ipmitool_p20201004

arches: sys-apps/ipmitool_p20201004-r1 for stablereq
sys-apps/ipmitool_p20201004-r2 adds more tooling from contrib/

Unable to check for sanity:

> disallowed package spec (only = allowed): sys-apps/ipmitool_p20201004-r1

Sanity check failed:

> sys-apps/ipmitool-1.8.18_p20201004-r1
> depend hppa stable profile default/linux/hppa/17.0 (3 total)
> sys-apps/systemd:0=
> rdepend hppa stable profile default/linux/hppa/17.0 (3 total)
> sys-apps/systemd:0=

x86 stable
ppc stable
amd64 done
hppa stable
Maintainers, please cleanup
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=989d26c6ff9f0298eba4b09df237862cf9509af8

commit 989d26c6ff9f0298eba4b09df237862cf9509af8
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-12-27 08:36:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-12-29 20:46:35 +0000

    sys-apps/ipmitool: security cleanup (drop <1.8.18_p20201004-r1)

    Bug: https://bugs.gentoo.org/708436
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/18827
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/ipmitool/Manifest                  |  3 -
 sys-apps/ipmitool/ipmitool-1.8.18-r1.ebuild | 89 --------------------------
 sys-apps/ipmitool/ipmitool-1.8.18-r2.ebuild | 96 -----------------------------
 3 files changed, 188 deletions(-)

Tree clean, GLSA request already filed.
This issue was resolved and addressed in GLSA 202101-03 at https://security.gentoo.org/glsa/202101-03 by GLSA coordinator Sam James (sam_c).