  1. #1
    Beginner

    Join Date
    Nov 2013
    Posts
    1
    Post Thanks / Like
    Rep Power
    11
    Reputation
    3

    {BMC Exploit} Are your servers at risk?!




    A new vulnerability affecting multiple servers running specific motherboards has been discovered, and it is quite frightening!




    The vulnerability actually resides in the Baseboard Management Controller (BMC) in the WPCM450 line of chips incorporated into the motherboards. A security researcher at the CARInet Security Incident Response Team discovered that the Baseboard Management Controller (BMC) of Supermicro motherboards contains a binary file that stores remote login passwords in clear text, and the file is available for download simply by connecting to the specific port. (Port hidden for security reasons.)

    The Baseboard Management Controller (BMC) is the central part of the microcontroller that resides on the server motherboard or in the chassis of a blade server or telecom platform. The BMC links to a main processor and other onboard elements via a simple serial bus.


    The 84 vulnerable firmwares are listed here, and server administrators are advised to apply available patches from vendors. In order to apply patches, you need to flash the device with a new firmware update. You can speak with your hosting provider(s) about this, as they can pass on the relevant information to their providers, or carry out the updates themselves.

    Quote


    1) A compromised IPMI card can be used to root the server by rebooting to a virtual cdrom containing a rescue disk image. If you own the IPMI card, you can own the server.

    2) A compromised server can be used to reflash and otherwise compromise the IPMI card using the local device interface.

    What this means is that an attacker who owns an exposed IPMI card can pull any data they want off the drive of the server or rootkit it. They can even rootkit the IPMI card itself using off-the-shelf tools for firmware modification. Even reinstalling the server would not remove a rootkit like this.

    Now think about this in terms of segmenting your IPMI from your production network. An attacker that gets access to one can get access to the other. For shared hosting environments, this is a nightmare that is pretty much impossible to fix without disabling the card


    PS: Sorry if this is the wrong section, didn't know where else to place it.








  3. #2
    Premium

    Join Date
    May 2011
    Posts
    222
    Post Thanks / Like
    Rep Power
    15
    Reputation
    100
    Hopefully the server owners who may be using these motherboards will notice this thread.

  4. #3
    Beginner

    Join Date
    Nov 2013
    Posts
    1
    Post Thanks / Like
    Rep Power
    11
    Reputation
    3

    Quote: Originally Posted by zdroid9770
    Hopefully the server owners who may be using these motherboards will notice this thread.

    Hopefully!
