Ubuntu
ipmitool package

[MIR] ipmitool

Bug #1040682 reported by Andres Rodriguez
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ipmitool (Ubuntu)
Invalid
High
Andres Rodriguez

Bug Description

Binary package hint: resource-agents

1. Availability: any

2. Rationale:
This package is a dependency for MAAS. It is utilized to do the power management operations by MAAS.

3. Security:
No open CVE;s. One fixed recently.

4. QA:
3 bugs in Ubuntu. 10 in Debian. No lintian issues.

5. UI standards: none

6. Dependencies: All in main.

7. Standards:
No lintian Warnings
Package is packaged with debhelper, and has quilt as patchsystem.

8. Maintenance: easy

9. Background information:

This package is used by MAAS to start/stop nodes that MAAS controles using the IPMI protocol.

Revision history for this message
Michael Terry (mterry) wrote :

System daemon + past CVE, so assigning to our MIR security member, the indomitable jdstrand.

Changed in ipmitool (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
James Page (james-page)
Changed in ipmitool (Ubuntu):
importance: Undecided → High
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This is a fairly old code base and there is a lot to look at. I could only provide a high level review, but I am quite confident there are many bugs lurking in it.

Security review:
* One CVE. Trivial to fix.
* Hardening options enabled. Should enable PIE.
* Several calls to malloc/calloc with no check for NULL followed by string operations in lib/ipmi_sel.c. ipmi_fru.c doesn't check a malloc call in ipmi_fru_query_new_value()
* There is lots of strcpy and sprintf with little bounds checking. Many are on the stack, so compiler hardening should catch it. I did not have time to verify if they are attacker controllable.
* There are a lot of compiler warnings
* There is an initscript for ipmievd. I couldn't start the daemon since I don't have any /dev/ipmi* files, but the initscript starts ipmievd as root and I don't see an calls to drop privileges, so I am assuming this is running as root.
* networking code is present for talking to remote servers

I am not confident in the code base. There are lots of compiler warnings and unchecked memory allocations followed by string operations. Lots of strcpy() with little bounds checking (though admittedly, some on the stack). It does have one thing going for it: other distributions also include it, so we should be able to collaborate on security fixes.

I would normally NAK this and advise to search for an alternative. In lieu of that, conditional ACK provided that the compiler warnings are addressed, that PIE is enabled and that an apparmor profile is provided for /usr/sbin/ipmievd and /usr/bin/ipmitool.

Changed in ipmitool (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → Andres Rodriguez (andreserl)
status: New → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

If providing AppArmor policy, please have a member of ubuntu-security review the policy before upload.

Revision history for this message
Dave Walker (davewalker) wrote :

I would explore the option of making a primary alternative depends of freeipmi-tools.

Revision history for this message
Andres Rodriguez (andreserl) wrote :

Based on Dave's feedback and further discussion on IRC, we've decided to use freeipmi-tools instead for which I have opened a new MIR bug #1052056.

Revision history for this message
Andres Rodriguez (andreserl) wrote :

Marking this bug report as invalid.

Michael Terry (mterry)
Changed in ipmitool (Ubuntu):
status: In Progress → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.