CVE-2011-4339
CVE-2011-4339 is a low-severity vulnerability in Ipmitool Project Ipmitool with a CVSS 2.0 base score of 3.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-732.
Key facts
- Severity: Low (CVSS 2.0 base score 3.6)
- EPSS exploit prediction: 0% (35th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-732
- Affected product: Ipmitool Project Ipmitool
- Published:
- Last modified:
Description
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
Frequently asked questions
- What is CVE-2011-4339?
- ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
- How severe is CVE-2011-4339?
- CVE-2011-4339 has a CVSS 2.0 base score of 3.6, rated low severity.
- Is CVE-2011-4339 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (35th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2011-4339?
- CVE-2011-4339 affects Ipmitool Project Ipmitool. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2011-4339?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2011-4339 published?
- CVE-2011-4339 was published on 2011-12-15 and last updated on 2026-06-16.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071575.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071580.html
- http://openwall.com/lists/oss-security/2011/12/13/1
- http://rhn.redhat.com/errata/RHSA-2013-0123.html
- http://secunia.com/advisories/47173
- http://secunia.com/advisories/47228
- http://secunia.com/advisories/47376
- http://www.debian.org/security/2011/dsa-2376
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:196
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.redhat.com/support/errata/RHSA-2011-1814.html
- http://www.securityfocus.com/bid/51036
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://bugzilla.redhat.com/show_bug.cgi?id=742837
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71763
Affected products (1)
- cpe:2.3:a:ipmitool_project:ipmitool:1.8.11:*:*:*:*:*:*:*
More vulnerabilities in Ipmitool Project Ipmitool
- CVE-2020-5208 — High (CVSS 7.7): It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a…
All CVEs affecting Ipmitool Project Ipmitool →
Other CWE-732 (Incorrect Permission Assignment for Critical Resource) vulnerabilities
- CVE-2026-9508 — Critical (CVSS 10.0): Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow…
- CVE-2025-14988 — Critical (CVSS 10.0): A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain…
- CVE-2025-69426 — Critical (CVSS 10.0): The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating…
- CVE-2025-12004 — Critical (CVSS 10.0): Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown…
- CVE-2014-125121 — Critical (CVSS 10.0): Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation…
- CVE-2025-46093 — Critical (CVSS 9.9): LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to…
Browse all CWE-732 (Incorrect Permission Assignment for Critical Resource) vulnerabilities →