HostingSecList - Security notices for the hosting community.

Supermicro IPMI / BMC

Urgent Action Required

We have been made aware of an active zero day exploit targeting Supermicro IPMI / BMC interfaces that could disclose login information under certain circumstances.

Those interfaces should never be publicly accessible, however, if you have made that mistake it is recommended that you apply the necessary patch which involves reflashing the firmware and restrict access as necessary!

Ongoing Discussion via WHT:

http://www.webhostingtalk.com/showthread.php?t=1386508

Relevant Links:

http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/

https://isc.sans.edu/diary/New+Supermicro+IPMIBMC+Vulnerability/18285

follow us on Twitter \| visit our website \| forward to a friend
Our mailing address is: RACK911 Labs 1110 Palms Airport Drive Suite 110 Las Vegas, NV 89119 Add us to your address book Copyright © 2014 RACK911 Labs, All rights reserved.
unsubscribe from mailing list \| update subscription preferences