Vulnerabilities in IPMI, BMCs Put Servers at Risk

Submitted by msm1267
msm1267 (2804139) writes "Baseboard management controllers, embedded computers present in most servers, are vulnerable to a half dozen critical vulnerabilities that could enable an attacker to gain remote control over the host machine.

The vulnerabilities are in the Intelligent Platform Management Interface (IPMI) protocol specification that describes how BMCs communicate locally and across networks. The issues range from the ability to bypass authentication mechanisms, steal password hashes that can be brute-forced offline, to UPnP-based vulnerabilities that cannot be disabled and could lead to remote root compromises.

Dan Farmer, creator of the SATAN vulnerability scanner, discovered the vulnerabilities while conducting research under a DARPA Cyber Fast Track grant that was completed in January. Metasploit creator and Rapid7 CSO HD Moore then collaborated with Farmer by conducting an Internet-wide scan of the IPMI protocol to discover the breadth of the issue."
