Bug 1326638 (CVE-2013-4786)
| Summary: | CVE-2013-4786 OpenIPMI, freeipmi: Leakage of password hashes via RAKP authentication | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aledvink, branto, mdshaikh, pknirsch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-04-14 09:58:38 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1326639, 1326640 | ||
| Bug Blocks: | 1326641 | ||
|
Description
Adam Mariš
2016-04-13 09:24:12 UTC
Created OpenIPMI tracking bugs for this issue: Affects: fedora-all [bug 1326639] Created freeipmi tracking bugs for this issue: Affects: fedora-all [bug 1326640] I'm not sure what are we supposed to do here? This is an issue in hardware. It is (the firmware in the) BMC controller that sends the RAKP 2 message. We do not send the message in any of the specified software. We just receive it. Also, the BMC firmware just follows the (faulty) specification and its firmware would have to be updated alongside the IPMI specs to fix this issue. -> I'm inclined to close these bugs as CANTFIX or NOTABUG Statement: This issue did not affect the versions of OpenIPMI or freeipmi as shipped with Red Hat Enterprise Linux 5, 6, and 7. |