[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPMI vulnerabilities
- Subject: IPMI vulnerabilities
- From: jeroen at massar.ch (Jeroen Massar)
- Date: Tue, 02 Jul 2013 17:32:34 +0200
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 2013-07-02 16:51 , Steven Bellovin wrote:
> http://www.wired.com/threatlevel/2013/07/ipmi/
>
> Capsule summary: watch out!
Indeed! But it is should be logical, as IPMI is supposed to be for OOB
access right? :)
Anybody not putting them behind a properly restricted firewall and/or
VLAN is asking for issues... typical IPMI boxes run outdated linux
kernels, with nice olddated userspace and a whole lot of tools that one
can not really restrict access to, thus it is quite silly to have that
access open to the public.
Greets,
Jeroen