Security Advisory Low: OpenIPMI security, bug fix, and enhancement update

Advisory: RHSA-2013:0123-1
Type: Security Advisory
Severity: Low
Issued on: 2013-01-08
Last updated on: 2013-01-08
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2011-4339

Details

Updated OpenIPMI packages that fix one security issue, multiple bugs, and
add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The OpenIPMI packages provide command line tools and utilities to access
platform information using Intelligent Platform Management Interface
(IPMI). System administrators can use OpenIPMI to manage systems and to
perform system health monitoring.

It was discovered that the IPMI event daemon (ipmievd) created its process
ID (PID) file with world-writable permissions. A local user could use this
flaw to make the ipmievd init script kill an arbitrary process when the
ipmievd daemon is stopped or restarted. (CVE-2011-4339)

Note: This issue did not affect the default configuration of OpenIPMI as
shipped with Red Hat Enterprise Linux 5.
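
A defensive check for the flaw described above, as an added example (not code from OpenIPMI or Red Hat): before an init script signals the PID read from a PID file, it can refuse files that are group- or world-writable, symlinked, or wrongly owned, and confirm that the PID still runs the expected binary. The function names and the `PIDFILE` and `DAEMON_EXE` variables are assumptions; GNU `stat` and Linux `/proc` are required.

```shell
#!/bin/bash
# Added example: checks an init script can run before signalling the PID
# found in a PID file. Function names are illustrative, not from OpenIPMI.

# Succeed only if FILE is a regular file (not a symlink), owned by uid
# OWNER (default 0), with neither the group-write nor other-write bit set.
pidfile_is_safe() {
    local file=$1 owner=${2:-0} mode uid
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    uid=$(stat -c '%u' "$file") || return 1
    mode=$(stat -c '%a' "$file") || return 1
    [ "$uid" = "$owner" ] || return 1
    # In the octal mode string, digits 2, 3, 6 and 7 carry the write bit;
    # reject when the group digit or the other digit is one of them.
    case $mode in
        *[2367]?|*[2367]) return 1 ;;
    esac
    return 0
}

# Print the PID stored in FILE only if the file is safe and its first line
# is a decimal integer greater than 1 (never signal PID 0 or init).
read_trusted_pid() {
    local file=$1 owner=${2:-0} pid=
    pidfile_is_safe "$file" "$owner" || return 1
    IFS= read -r pid < "$file" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] || return 1
    printf '%s\n' "$pid"
}

# Succeed only if process PID is currently executing the binary EXE, so a
# stale or reused PID is not signalled.
pid_runs_exe() {
    local pid=$1 exe=$2 target
    target=$(readlink "/proc/$pid/exe") || return 1
    [ "$target" = "$exe" ]
}

# Constructed usage, as the stop action of an init script might apply it
# (PIDFILE and DAEMON_EXE are placeholders for the service's own paths):
#   pid=$(read_trusted_pid "$PIDFILE") &&
#       pid_runs_exe "$pid" "$DAEMON_EXE" && kill "$pid"
```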

This update also fixes the following bugs:

* Prior to this update, the ipmitool utility first checked the IPMI
hardware for Dell IPMI extensions and listed only supported commands when
printing command usage, for example with "ipmitool delloem help". On a
non-Dell platform, the usage text was incomplete and misleading. This
update lists all Dell OEM extensions in usage texts on all platforms, which
allows users to check for command line arguments on non-Dell hardware.
(BZ#658762)

* Prior to this update, the ipmitool utility tried to retrieve the Sensor
Data Records (SDR) from the IPMI bus instead of the Baseboard Management
Controller (BMC) bus when IPMI-enabled devices reported SDR under a
different owner than the BMC. As a consequence, the timeout setting for the
SDR read attempt could significantly decrease the performance and no sensor
data was shown. This update modifies ipmitool to read these SDR records
from the BMC and shows the correct sensor data on these platforms.
(BZ#671059, BZ#749796)

* Prior to this update, the exit code of the "ipmitool -o list" option was
not set correctly. As a consequence, "ipmitool -o list" always returned the
value 1 instead of the expected value 0. This update modifies the
underlying code to return the value 0 as expected. (BZ#740780)

* Prior to this update, the "ipmi" service init script did not specify the
full path to the "/sbin/lsmod" and "/sbin/modprobe" system utilities. As a
consequence, the init script failed when it was executed if PATH did not
point to /sbin, for example, when running "sudo /etc/init.d/ipmi". This
update modifies the init script so that it now contains the full path to
lsmod and modprobe. Now, it can be executed with sudo. (BZ#829705)

* Prior to this update, the ipmitool man page did not list the "-b", "-B",
"-l" and "-T" options. In this update, these options are documented in the
ipmitool man page. (BZ#846596)

This update also adds the following enhancement:

* Updates to the Dell-specific IPMI extension: A new vFlash command, which
allows users to display information about extended SD cards; a new setled
command, which allows users to display the backplane LED status; improved
error descriptions; added support for new hardware; and updated
documentation of the ipmitool delloem commands in the ipmitool manual
page. (BZ#797050)

All users of OpenIPMI are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages


Bugs fixed (see bugzilla for more information)

658762 - ipmitool delloem accesses IPMI before acting (e.g. listing help)
671059 - bad performance of ipmitool sdr by update to 2.0.16
740780 - ipmitool -o list return always 1
742837 - CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
749796 - Bad performance for ipmitool sdr in verbose mode
829705 - initscript of ipmi contains incomplete path and cannot start by certain users


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/