Exploit for Gentoo Linux Security Advisory 202101-03 CVE-2020-5208

Name: Exploit for Gentoo Linux Security Advisory 202101-03 CVE-2020-5208
Rating: 5 (157 reviews)
2021-01-11 | CVSS 6.5
## https://sploitus.com/exploit?id=PACKETSTORM:160875
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory GLSA 202101-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
  
Severity: Normal  
Title: ipmitool: Multiple vulnerabilities  
Date: January 10, 2021  
Bugs: #708436  
ID: 202101-03  
  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
  
Synopsis  
========  
  
A buffer overflow in ipmitool might allow remote attacker(s) to execute  
arbitrary code.  
  
Background  
==========  
  
Utility for controlling IPMI enabled devices.  
  
Affected packages  
=================  
  
-------------------------------------------------------------------  
Package / Vulnerable / Unaffected  
-------------------------------------------------------------------  
1 sys-apps/ipmitool < 1.8.18_p20201004-r1>= 1.8.18_p20201004-r1  
  
Description  
===========  
  
Multiple vulnerabilities have been discovered in ipmiool. Please review  
the CVE identifiers referenced below for details.  
  
Impact  
======  
  
A remote attacker could possibly execute arbitrary code with the  
privileges of the process or cause a Denial of Service condition.  
  
Workaround  
==========  
  
There is no known workaround at this time.  
  
Resolution  
==========  
  
All ipmitool users should upgrade to the latest version:  
  
# emerge --sync  
# emerge --ask --oneshot -v ">=sys-apps/ipmitool-1.8.18_p20201004-r1"  
  
References  
==========  
  
[ 1 ] CVE-2020-5208  
https://nvd.nist.gov/vuln/detail/CVE-2020-5208  
  
Availability  
============  
  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:  
  
https://security.gentoo.org/glsa/202101-03  
  
Concerns?  
=========  
  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.  
  
License  
=======  
  
Copyright 2021 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).  
  
The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.  
  
https://creativecommons.org/licenses/by-sa/2.5