{
  "threat_severity" : "Important",
  "public_date" : "2020-02-05T00:00:00Z",
  "bugzilla" : {
    "description" : "ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c",
    "id" : "1798721",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1798721"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.", "A flaw was found in several functions of the IPMItool, where it failed to check data received from a LAN properly. An attacker could use this flaw to craft payloads, which can lead to a buffer overflow and also cause memory corruption, a denial of service, and remote code execution." ],
  "statement" : "The ipmitool package distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The stack canary generated by this feature helps mitigating any remote code execution attacks for this flaw.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1331",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "ipmitool-0:1.8.15-3.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-26T00:00:00Z",
    "advisory" : "RHSA-2020:0984",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "ipmitool-0:1.8.18-9.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2284",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "ipmitool-0:1.8.13-10.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2276",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "ipmitool-0:1.8.15-8.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Telco Extended Update Support",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2276",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.3",
    "package" : "ipmitool-0:1.8.15-8.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2276",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.3",
    "package" : "ipmitool-0:1.8.15-8.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2020-05-19T00:00:00Z",
    "advisory" : "RHSA-2020:2213",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "ipmitool-0:1.8.18-6.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2020-05-19T00:00:00Z",
    "advisory" : "RHSA-2020:2213",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "ipmitool-0:1.8.18-6.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2020-05-19T00:00:00Z",
    "advisory" : "RHSA-2020:2213",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "ipmitool-0:1.8.18-6.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2020-04-16T00:00:00Z",
    "advisory" : "RHSA-2020:1486",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "ipmitool-0:1.8.18-9.el7_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2286",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "ipmitool-0:1.8.18-9.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-03-26T00:00:00Z",
    "advisory" : "RHSA-2020:0981",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ipmitool-0:1.8.18-12.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-03-26T00:00:00Z",
    "advisory" : "RHSA-2020:0979",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "ipmitool-0:1.8.18-12.el8_0"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-5208\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5208\nhttps://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp" ],
  "name" : "CVE-2020-5208",
  "mitigation" : {
    "value" : "There's no mitigation available for this issue, although a few actions help to reduce the attack risk:\n1) Avoid to run `ipmitool` as privileged user;\n2) Avoid to run `ipmitool` against non-trusted IPMI-enabled devices;",
    "lang" : "en:us"
  },
  "csaw" : false
}