CVE 2020-5208
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
Related bugs and status
CVE-2020-5208 (Candidate) is related to these bugs:
Bug #1576812: [MIR] ipmitool
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1576812 | [MIR] ipmitool | ipmitool (Ubuntu) | Undecided | Won't Fix | ||
1576812 | [MIR] ipmitool | cluster-glue (Ubuntu) | Undecided | Fix Released |
Bug #1864612: requests ipmi-tool to include lasted patch for supporting quanta server
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1864612 | requests ipmi-tool to include lasted patch for supporting quanta server | ipmitool (Ubuntu) | Low | Fix Released | ||
1864612 | requests ipmi-tool to include lasted patch for supporting quanta server | ipmitool (Ubuntu Bionic) | Wishlist | Incomplete | ||
1864612 | requests ipmi-tool to include lasted patch for supporting quanta server | ipmitool (Ubuntu Hirsute) | Wishlist | Fix Released | ||
1864612 | requests ipmi-tool to include lasted patch for supporting quanta server | ipmitool (Ubuntu Groovy) | Wishlist | Won't Fix | ||
1864612 | requests ipmi-tool to include lasted patch for supporting quanta server | ipmitool (Ubuntu Focal) | Wishlist | Incomplete | ||
1864612 | requests ipmi-tool to include lasted patch for supporting quanta server | ipmitool (Ubuntu Impish) | Low | Fix Released |
Bug #1906470: CVE-2019-11068: libxslt: bypass of protection mechanism
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1906470 | CVE-2019-11068: libxslt: bypass of protection mechanism | StarlingX | High | Fix Released |
Bug #1906471: CVE-2019-17006: nss: crypto primitives missing length checks
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1906471 | CVE-2019-17006: nss: crypto primitives missing length checks | StarlingX | High | Fix Released |
Bug #1908088: stx-tools: yum fails in Docker with misleading error messages
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1908088 | stx-tools: yum fails in Docker with misleading error messages | StarlingX | Low | Fix Released |
Bug #1908297: populate_downloads.sh doesn't clean/backup old content
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1908297 | populate_downloads.sh doesn't clean/backup old content | StarlingX | Low | Fix Released |
Bug #1908751: mirror-check.sh failes for layered build
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1908751 | mirror-check.sh failes for layered build | StarlingX | Low | Triaged |
Bug #1910130: Build of 'compile' layer fails due to missing python3 dependencies
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1910130 | Build of 'compile' layer fails due to missing python3 dependencies | StarlingX | Critical | Fix Released |
Bug #1912139: CVE-2018-19519: tcpdump: a stack-based buffer over-read
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1912139 | CVE-2018-19519: tcpdump: a stack-based buffer over-read | StarlingX | Medium | Fix Released |
Bug #1912682: tools: Dockerfile: yum install silently ignores errors
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1912682 | tools: Dockerfile: yum install silently ignores errors | StarlingX | Low | Fix Released |
Bug #1915050: IPv6: All hosts remain offline after booting off the controller-0
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1915050 | IPv6: All hosts remain offline after booting off the controller-0 | StarlingX | Critical | Fix Released |
Bug #1917901: tb.sh create fails on rmdir /var/lib/mock
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1917901 | tb.sh create fails on rmdir /var/lib/mock | StarlingX | High | Fix Released |
Bug #1918154: CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1918154 | CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow | StarlingX | High | Fix Released |
Bug #1918477: download_mirror.sh is slow
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1918477 | download_mirror.sh is slow | StarlingX | High | Fix Released |
Bug #1920024: linuxsoft.cern.ch is no longer responding
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1920024 | linuxsoft.cern.ch is no longer responding | StarlingX | High | Fix Released |
Bug #1923458: basearch not always set
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1923458 | basearch not always set | StarlingX | Medium | Fix Released |
Bug #1924691: systemd sends tons of useless PropertiesChanged messages when a mount happens
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1924691 | systemd sends tons of useless PropertiesChanged messages when a mount happens | StarlingX | Medium | Fix Released |
Bug #1926372: CVE-2021-26937 screen segfault
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1926372 | CVE-2021-26937 screen segfault | StarlingX | High | Fix Released |
Bug #1926987: Download_mirror.sh fails on 'flockflock'
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1926987 | Download_mirror.sh fails on 'flockflock' | StarlingX | Critical | Fix Released |
Bug #1927137: Docker build env fails on git-review
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1927137 | Docker build env fails on git-review | StarlingX | Critical | Fix Released |
Bug #1978144: [MIR] ipmitool
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1978144 | [MIR] ipmitool | ipmitool (Ubuntu) | Undecided | Won't Fix |
See the
CVE page on Mitre.org
for more details.