[ipmitool/f15] fixed CVE-2011-4339

Jan Šafránek jsafrane at fedoraproject.org
Tue Dec 13 12:57:50 UTC 2011 

commit 7630f641f38e2cd59e38f125c9d58740021126a7
Author: Jan Safranek <jsafrane at redhat.com>
Date:   Tue Dec 13 13:54:58 2011 +0100

    fixed CVE-2011-4339

 ipmitool-1.8.11-remove-umask0.patch |   13 +++++++++++++
 ipmitool.spec                       |    7 ++++++-
 2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/ipmitool-1.8.11-remove-umask0.patch b/ipmitool-1.8.11-remove-umask0.patch
new file mode 100644
index 0000000..779c505
--- /dev/null
+++ b/ipmitool-1.8.11-remove-umask0.patch
@@ -0,0 +1,13 @@
+CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
+
+diff -up ipmitool-1.8.11/lib/helper.c.original ipmitool-1.8.11/lib/helper.c
+--- ipmitool-1.8.11/lib/helper.c.original	2011-10-03 13:00:54.000000000 +0900
++++ ipmitool-1.8.11/lib/helper.c	2011-10-03 13:01:01.000000000 +0900
+@@ -427,7 +427,6 @@ ipmi_start_daemon(struct ipmi_intf *intf
+ #endif
+ 
+ 	chdir("/");
+-	umask(0);
+ 
+ 	for (fd=0; fd<64; fd++) {
+ 		if (fd != intf->fd)
diff --git a/ipmitool.spec b/ipmitool.spec
index 030aad6..0d65f95 100644
--- a/ipmitool.spec
+++ b/ipmitool.spec
@@ -1,7 +1,7 @@
 Name:         ipmitool
 Summary:      Utility for IPMI control
 Version:      1.8.11
-Release:      6%{?dist}
+Release:      7%{?dist}
 License:      BSD
 Group:        System Environment/Base
 URL:          http://ipmitool.sourceforge.net/
@@ -16,6 +16,7 @@ Provides: OpenIPMI-tools = 2.0.14-3
 
 Patch1: ipmitool-1.8.10-ipmievd-init.patch
 Patch2: ipmitool-1.8.10-ipmievd-condrestart.patch
+Patch3: ipmitool-1.8.11-remove-umask0.patch
 
 %description
 This package contains a utility for interfacing with devices that support
@@ -37,6 +38,7 @@ setting LAN configuration, and chassis power control.
 %setup -q
 %patch1 -p1 -b .ipmievd-init
 %patch2 -p0 -b .condrestart
+%patch3 -p1 -b .umask
 
 for f in AUTHORS ChangeLog; do
     iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
@@ -87,6 +89,9 @@ fi
 
 
 %changelog
+* Tue Dec 13 2011 Jan Safranek <jsafrane at redhat.com> - 1.8.11-7
+- fixed CVE-2011-4339
+
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.11-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

More information about the scm-commits mailing list