ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208)

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user.

Fixed In Version:

ipmitool 1.8.19

References:

https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
https://nvd.nist.gov/vuln/detail/CVE-2020-5208

Patch:

https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2

Affected branches:

master
3.11-stable

Edited Mar 19, 2020 by Leo

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information