OpenIPMI: IPMI event daemon creates PID file with world writeable permissions

[Huzaifa Sidhpurwala <huzaifas () redhat com>]

Hi,

A insecure file permissions flaw was found in the way IPMI event daemon 
of the OpenIPMI (Intelligent Platform Management Interface) library and 
tools created its PID file (it was created with 0666 permissions). A 
local user could use this flaw to kill arbitrary running process during 
ipmievd service shutdown.

This has been assigned CVE-2011-4339

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=742837


--
Huzaifa Sidhpurwala / Red Hat Security Response Team