[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPMI vulnerabilities

Subject: IPMI vulnerabilities
From: jeroen at massar.ch (Jeroen Massar)
Date: Tue, 02 Jul 2013 17:58:16 +0200
In-reply-to: <465966A5F5B867419F604CD3E604C1E54D5CED99@PRA-DCA-MAIL.pra.ray.com>
References: <[email protected]> <[email protected]> <465966A5F5B867419F604CD3E604C1E54D5CED99@PRA-DCA-MAIL.pra.ray.com>

On 2013-07-02 17:54 , Jamie Bowden wrote:
>> From: Jeroen Massar [mailto:jeroen at massar.ch]
>> On 2013-07-02 16:51 , Steven Bellovin wrote:
>>> http://www.wired.com/threatlevel/2013/07/ipmi/
>>>
>>> Capsule summary: watch out!
>>
>> Indeed! But it is should be logical, as IPMI is supposed to be for OOB
>> access right? :)
>>
>> Anybody not putting them behind a properly restricted firewall and/or
>> VLAN is asking for issues... typical IPMI boxes run outdated linux
>> kernels, with nice olddated userspace and a whole lot of tools that one
>> can not really restrict access to, thus it is quite silly to have that
>> access open to the public.
> 
> That same reasoning has worked wonders at keeping SCADA systems off the public internet too.

People problems cannot be resolved with code.

Greets,
 Jeroen

Follow-Ups:
- IPMI vulnerabilities
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)

References:
- IPMI vulnerabilities
  - From: smb at cs.columbia.edu (Steven Bellovin)
- IPMI vulnerabilities
  - From: jeroen at massar.ch (Jeroen Massar)
- IPMI vulnerabilities
  - From: jamie at photon.com (Jamie Bowden)

Prev by Date: IPMI vulnerabilities
Next by Date: Leap Second
Previous by thread: IPMI vulnerabilities
Next by thread: IPMI vulnerabilities
Index(es):
- Date
- Thread