Copy
HostingSecList - Security notices for the hosting community.

Supermicro IPMI / BMC

Urgent Action Required

We have been made aware of an active zero day exploit targeting Supermicro IPMI / BMC interfaces that could disclose login information under certain circumstances.

Those interfaces should never be publicly accessible, however, if you have made that mistake it is recommended that you apply the necessary patch which involves reflashing the firmware and restrict access as necessary!

Ongoing Discussion via WHT:

http://www.webhostingtalk.com/showthread.php?t=1386508

Relevant Links:

http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/

https://isc.sans.edu/diary/New+Supermicro+IPMIBMC+Vulnerability/18285
Our mailing address is:
RACK911 Labs
1110 Palms Airport Drive
Suite 110
Las Vegas, NV 89119

Add us to your address book


Copyright © 2014 RACK911 Labs, All rights reserved.
Email Marketing Powered by Mailchimp