CVE-2020-5208: 
NixOS vulnerability analysis and mitigation

CVE-2020-5208 affects ipmitool versions before 1.8.19, where multiple functions neglect proper checking of data received from remote LAN parties. The vulnerability was discovered in early 2020 and affects the command-line utility used for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification (GitHub Advisory, NVD).

The vulnerability specifically involves buffer overflow issues in the read_fru_area_section function in lib/ipmi_fru.c. The affected functions fail to properly validate the size of data received from remote IPMI-enabled devices, which can lead to buffer overflows. The vulnerability has been assigned a CVSS 3.1 base score of 8.8 (High), with attack vector being Network, attack complexity Low, and requiring Low privileges (Ubuntu Security).

The vulnerability could potentially lead to remote code execution on the ipmitool side, with the impact being particularly severe if ipmitool is running with privileged user access. The security issue affects confidentiality, integrity, and availability of the system, with all having High impact ratings (GitHub Advisory).

The primary mitigation is to upgrade to ipmitool version 1.8.19 or later which contains the fix. For users unable to upgrade immediately, workarounds include not running ipmitool as a privileged user and avoiding running ipmitool over demilitarized networks or against untrusted IPMI-enabled devices (GitHub Advisory).