Description
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution.
A flaw was found in the IPMI simulator (ipmi_sim) component of OpenIPMI. Due to a missing check in the authorization type on incoming LAN messages, an attacker may be able to trigger a denial of service.
Report
There is a low risk of this flaw being used to authenticate messages without actual authentication. This issue affects systems where ipmi_sim has been deployed in production. The main OpenIPMI library is not affected.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | OpenIPMI | Not affected | ||
Red Hat Enterprise Linux 6 | OpenIPMI | Out of support scope | ||
Red Hat Enterprise Linux 7 | OpenIPMI | Out of support scope | ||
Red Hat Enterprise Linux 8 | OpenIPMI | Will not fix | ||
Red Hat Enterprise Linux 9 | OpenIPMI | Fixed | RHSA-2024:8037 | 14.10.2024 |
Red Hat Enterprise Linux 9.2 Extended Update Support | OpenIPMI | Fixed | RHSA-2024:8081 | 14.10.2024 |
Additional information
Status:
5 Medium
CVSS3