It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
| Link | Tags |
|---|---|
| https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp | third party advisory patch |
| https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 | third party advisory patch |
| https://lists.debian.org/debian-lts-announce/2020/02/msg00006.html | third party advisory mailing list |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYYEKUAUTCWICM77HOEGZDVVEUJLP4BP/ | vendor advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K2BPW66KDP4H36AGZXLED57A3O2Y6EQW/ | vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00031.html | mailing list third party advisory vendor advisory |
| https://security.gentoo.org/glsa/202101-03 | third party advisory vendor advisory |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00029.html | third party advisory mailing list |