Bug 1799039

Summary: CVE-2020-5208 ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c
Product: Red Hat Enterprise Linux 8
Reporter: Vaclav Dolezal <vdolezal>
Component: ipmitool
Assignee: Vaclav Dolezal <vdolezal>
Status: CLOSED ERRATA
QA Contact: Rachel Sibley <rasibley>
Severity: medium
Priority: medium
Version: 8.1
CC: jridky, jsafrane, ovasik, psampaio, rvr, security-response-team, vdolezal
Target Milestone: rc
Keywords: Security
Target Release: 8.3
Hardware: All
OS: Linux
Fixed In Version: ipmitool-1.8.18-14.el8
Clone Of: CVE-2020-5208
Last Closed: 2020-04-28 15:45:09 UTC
Bug Depends On: 1798721

Description Vaclav Dolezal 2020-02-06 13:58:40 UTC
+++ This bug was initially created as a clone of Bug #1798721 +++

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.

Upstream patch:

https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2

References:

https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp

--- Additional comment from Pedro Sampaio on 2020-02-05 21:01:57 UTC ---

Created ipmitool tracking bugs for this issue:

Affects: fedora-all [bug 1798722]

Comment 8 errata-xmlrpc 2020-04-28 15:45:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1642