CVE-2020-5208

Name
CVE-2020-5208
Description
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
Patch https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
MLIST https://lists.debian.org/debian-lts-announce/2020/02/msg00006.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYYEKUAUTCWICM77HOEGZDVVEUJLP4BP/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K2BPW66KDP4H36AGZXLED57A3O2Y6EQW/
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00031.html
GENTOO https://security.gentoo.org/glsa/202101-03
MLIST https://lists.debian.org/debian-lts-announce/2021/06/msg00029.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:ipmitool_project:ipmitool:1.8.18:*:*:*:*:*:*:* ipmitool == None == 1.8.18

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ipmitool 3.13-community 1.8.18-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
ipmitool 3.14-community 1.8.18-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
ipmitool 3.15-community 1.8.18-r10 Natanael Copa <ncopa@alpinelinux.org> fixed
ipmitool 3.16-community 1.8.18-r10 Natanael Copa <ncopa@alpinelinux.org> fixed