Vulnerability CVE-2020-5208: Information

Description

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: Feb. 5, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-120

Fixed packages

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:ipmitool_project:ipmitool:1.8.18:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*