Debian-LTS has issued an advisory on February 9: https://www.debian.org/lts/security/2020/dla-2098 The issue is fixed upstream in 1.8.19. Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Advisory:
========================

Updated ipmitool package fixes security vulnerability:

Christopher Ertl found that multiple functions in ipmitool neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side (CVE-2020-5208).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5208
https://www.debian.org/lts/security/2020/dla-2098
========================

Updated packages in core/updates_testing:
========================
ipmitool-1.8.18-3.1.mga7

from ipmitool-1.8.18-3.1.mga7.src.rpm

Whiteboard: MGA7TOO => (none)
Assignee: bugsquad => qa-bugs
Version: Cauldron => 7
Mageia7, x86_64

Tried ipmitool before the update and could not get the ipmi service to start; it complains about some script error. openipmi is already installed.

Updated ipmitool.
Used cheatsheet at https://www.tzulo.com/crm/knowledgebase/47/IPMI-and-IPMITOOL-Cheat-sheet.html

$ su -
# chkconfig ipmi on

There is an ipmi executable script in /etc/init.d which has options such as start and restart. Decided to stay with systemd.

# systemctl start ipmi
Job for ipmi.service failed because the control process exited with error code.
See "systemctl status ipmi.service" and "journalctl -xe" for details.

Neither of those logs are specific enough to diagnose the cause.

# journalctl -xe | tail
-- The unit ipmi.service has entered the 'failed' state with result 'exit-code'.
Feb 20 22:51:57 difda systemd[1]: Failed to start LSB: OpenIPMI Driver init script.
-- Subject: A start job for unit ipmi.service has failed
-- Defined-By: systemd
--
-- A start job for unit ipmi.service has finished with a failure.

Any attempt to use ipmitool results in failure; e.g.

$ ipmitool mc info
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
# ipmitool user list 1
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory

So, what is missing?
CC: (none) => tarazed25
Keywords: (none) => feedback
Probably your computer doesn't support ipmi.
Keywords: feedback => (none)
Looked for information on configuring openipmi and found an Oracle site:
https://docs.oracle.com/en/database/oracle/oracle-database/19/cwlin/configuring-the-open-ipmi-driver.html#GUID-BD943D46-0AAA-44E2-AD07-0651526DB13B

# lsmod | grep ipmi
ipmi_msghandler 61440 1 nvidia
# modprobe ipmi_si
modprobe: ERROR: could not insert 'ipmi_si': No such device
# modprobe ipmi_devintf
# lsmod | grep ipmi
ipmi_msghandler 61440 1 nvidia
# cd /etc
# vi rc.local
# cat rc.local
# START IPMI ON SYSTEM RESTART
/sbin/modprobe ipmi_msghandler
/sbin/modprobe ipmi_si
/sbin/modprobe ipmi_devintf

Restarted system.

# journalctl -xe | grep ipmi
# systemctl status ipmi.service
....
Feb 20 23:23:41 difda systemd[1]: Failed to start LSB: OpenIPMI Driver init script
# modprobe ipmi_si
modprobe: ERROR: could not insert 'ipmi_si': No such device
# modprobe ipmi_devintf
# lsmod | grep ipmi
ipmi_devintf 20480 0
ipmi_msghandler 61440 2 ipmi_devintf,nvidia
$ ipmitool mc info
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Reading further, it looks as if the IPMI system is specific to motherboards which have a built-in BMC. How to check for such a thing? It should also have its own nic but my test machine has only one ethernet socket. So does it require a special server machine to work?
Generally speaking, I believe so.
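One way to answer the "How to check for such a thing?" question above before testing an ipmitool update. This is an added example, not part of the original thread; the function names and the three result labels are hypothetical, and it assumes the firmware describes a BMC through an SMBIOS type 38 ("IPMI Device Information") record as printed by dmidecode.

```shell
#!/bin/sh
# Added example: decide whether this host exposes a local BMC interface.
# The optional root prefix lets the checks run against a constructed tree.

# Print the first IPMI device node found under root prefix $1 (default: none),
# among the three paths ipmitool reports trying; return 1 if none is a
# character device.
ipmi_device_node() {
    root=${1:-}
    for node in /dev/ipmi0 /dev/ipmi/0 /dev/ipmidev/0; do
        if [ -c "$root$node" ]; then
            printf '%s\n' "$node"
            return 0
        fi
    done
    return 1
}

# Read `dmidecode --type 38` output on stdin; succeed if it contains an
# SMBIOS "IPMI Device Information" record, i.e. the firmware declares a BMC.
smbios_declares_bmc() {
    grep -q '^IPMI Device Information'
}

# Classify the host:
#   usable        - a device node exists, local ipmitool commands can be tested
#   bmc-no-driver - firmware declares a BMC but no node: load ipmi_si/ipmi_devintf
#   no-bmc        - nothing declared; only the -I lan path can be exercised
classify_host() {
    root=${1:-}
    dmi_text=${2:-}
    if ipmi_device_node "$root" >/dev/null; then
        echo usable
    elif printf '%s\n' "$dmi_text" | smbios_declares_bmc; then
        echo bmc-no-driver
    else
        echo no-bmc
    fi
}

# Live check on the current machine (dmidecode needs root to read SMBIOS).
classify_host "" "$(dmidecode --type 38 2>/dev/null || true)"
```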
Thanks David - I missed your earlier remark.
@ Len I don't get any further than you did. Tried the openipmigui (needed to install additionally tkinter and tix packages manually to get it running), but it tries to connect to something which apparently it does not find. Not in my league.
CC: (none) => herman.viaene
@Herman: Yes David is correct - special hardware is required for this. It is something extra on the motherboard as far as I can understand. All we can do is say that the update installed without problems. The ipmitool commands respond even though they come back with an error (as expected). Summing our experience, this can be passed.
Whiteboard: (none) => MGA7-64-OK
Lacking any knowledge in this area whatsoever, Len's and Herman's conclusions read as about right to me. Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Tests OK mga7 64

Just checked it at least tries to connect to a random device on the LAN. I didn't expect it to connect to anything but at least try to, which it seemed to do.

$ ipmitool -I lan -H 192.168.10.1 -vv -A NONE raw
Sending IPMI/RMCP presence ping packet
ipmi_lan_send_cmd:opened=[1], open=[4606832]
No response from remote controller
Get Auth Capabilities command failed
Error: Unable to establish LAN session
Error: Unable to establish IPMI v1.5 / RMCP session

CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0097.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED