Chris Samuel
2018-06-21 10:31:56 UTC
Hi all,
On the subject of BMCs, in case you've not seen this & run HPE gear.
https://twitter.com/marcan42/status/1008981518159511553
# HP iLO4 authentication bypass:
# curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
# No, that's not a crash PoC. That's a full blown auth bypass.
# sscanf into fixed buffer overwrites a flag field that bypasses auth.
# Yes, really.
The tweet links to this PDF about backdooring HP servers via this:
https://airbus-seclab.github.io/ilo/SSTIC2018-Slides-EN-Backdooring_your_server_through_its_BMC_the_HPE_iLO4_case-perigaud-gazet-czarny.pdf
Fortunately I think every system I've run so far has had the BMCs
on their own separate IP network.
All the best,
Chris
--
Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC
_______________________________________________
Beowulf mailing list, ***@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowu
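Added example, not part of the original post or of HPE's firmware: a C sketch of the bug class the quoted tweet names (an unbounded `sscanf` `%s` into a fixed buffer that sits next to a flag field) beside a width-bounded parser. The struct layout, the 16-byte buffer size, and the function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request state: fixed buffer followed by an auth flag.
 * The layout and the 16-byte size are assumptions, not taken from iLO. */
struct request {
    char connection[16];
    int  authenticated;   /* should only ever be set by the login path */
};

/* The bug class: %s has no field width, so a long header value is written
 * past connection[] into whatever follows. Shown for contrast, never called. */
int parse_connection_unbounded(struct request *r, const char *line)
{
    return sscanf(line, "Connection: %s", r->connection) == 1 ? 0 : -1;
}

/* Bounded form: %15s stores at most 15 bytes plus the NUL (keep the width at
 * sizeof(connection) - 1), and %n reports how much input was consumed so an
 * over-long value is rejected instead of silently truncated. */
int parse_connection_bounded(struct request *r, const char *line)
{
    int used = 0;
    char tmp[sizeof r->connection];

    if (sscanf(line, "Connection: %15s%n", tmp, &used) != 1)
        return -1;                        /* not a Connection header */
    if (line[used] != '\0' && !isspace((unsigned char)line[used]))
        return -1;                        /* value does not fit the buffer */
    memcpy(r->connection, tmp, strlen(tmp) + 1);
    return 0;
}

int main(void)
{
    struct request r = { "", 0 };
    /* Constructed inputs: an ordinary header and a 29-byte value. */
    const char *ok  = "Connection: keep-alive\r\n";
    const char *bad = "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n";

    printf("ok  -> %d (%s)\n", parse_connection_bounded(&r, ok), r.connection);
    printf("bad -> %d auth=%d\n", parse_connection_bounded(&r, bad), r.authenticated);
    return 0;
}
```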