just so we're all clear, SuperMicro wasn't the only one... link: http://pastebin.com/syXHLuC5 1. CVE-2013-4782 CVSS Base Score = 10.0 2. The SuperMicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. 3. 4. CVE-2013-4783 CVSS Base Score = 10.0 5. The Dell iDRAC 6 BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. 6. 7. CVE-2013-4784 CVSS Base Score = 10.0 8. The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. 9. 10. CVE-2013-4785 CVSS Base Score = 10.0 11. iDRAC 6 firmware 1.7, and possibly other versions, allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. 12. 13. CVE-2013-4786 CVSS Base Score = 7.8 14. The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 responses from a BMC. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4782 => http://fish2.com/ipmi/cipherzero.html http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4783 => http://fish2.com/ipmi/cipherzero.html http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4784 => http://fish2.com/ipmi/cipherzero.html http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4785 => http://fish2.com/ipmi/dell/secret.html http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4786 => http://fish2.com/ipmi/remote-pw-cracking.html On Thu, Aug 15, 2013 at 6:00 PM, Jay Ashworth <jra@baylink.com> wrote:
Presumably, everyone else's are very religious as well.
Is anyone here stupid enough not to put the management interfaces behind a firewall/VPN?
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/14/researchers-fig...
And should I be nervous that Usenix pointed me *there* for the story, rather than a tech press outlet?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
-- Kyle Creyts Information Assurance Professional Founder BSidesDetroit