[ale] Anyone using Supermicro motherboards?

Jim Kinney jim.kinney at gmail.com
Thu Jun 26 19:33:04 EDT 2014


I won't buy Dell without the dedicated ilo port for that very reason.
On Jun 26, 2014 7:18 PM, "Alex Carver" <agcarver+ale at acarver.net> wrote:

> Depends on the implementation.  I've got a Dell sitting next to me with
> its IPMI interface spliced directly to the on-board NIC (no USB bridges
> or anything else).  If you plug their NIC into the wall then you've also
> done the same to the IPMI.  The only workaround is to install another
> NIC and use that for the main connection.
>
> On 2014-06-26 08:37, Beddingfield, Allen wrote:
> > I saw this a few days ago and looked into it - it is related to IPMI.
>  In my opinion, these management/IPMI interfaces should always be on an
> internal network that requires VPN access for remote connectivity.
> > Allen B.
> > --
> > Allen Beddingfield
> > Systems Engineer
> > The University of Alabama
> >
> > ________________________________________
> > From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of James
> Taylor [James.Taylor at eastcobbgroup.com]
> > Sent: Thursday, June 26, 2014 10:06 AM
> > To: Atlanta Linux Enthusiasts
> > Subject: [ale] Anyone using Supermicro motherboards?
> >
> >>From the latest SANS Bulletin...
> > -jt
> >
> > ID:     N/A
> > Title:  Supermicro Server Motherboard Credential Disclosure Vulnerability
> > Vendor: Supermicro
> > Description: Supermicro motherboards store administrator passwords in
> > plain text, which is available to any attacker who can connect to TCP
> > port 49152.
> > CVSS v2 Base Score: 10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
> >
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140626/f8ae002f/attachment.html>


More information about the Ale mailing list