CVE-2020-5208 - log back

CVE-2020-5208 edited at 20 Feb 2021 00:01:31
Severity
- Medium
+ High
References
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
+ https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10
+ https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22
+ https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4
+ https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10
+ https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637
CVE-2020-5208 edited at 19 Feb 2021 23:56:55
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
References
+ https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
+ https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
Notes
CVE-2020-5208 created at 19 Feb 2021 23:55:38