[172506] in North American Network Operators' Group
Re: CARISIRT: Yet Another BMC Vulnerability
daemon@ATHENA.MIT.EDU (Coy Hile)
Thu Jun 19 21:42:14 2014
X-Original-To: nanog@nanog.org
From: Coy Hile <coy.hile@coyhile.com>
In-Reply-To: <53A3752E.7010400@truemetal.org>
Date: Thu, 19 Jun 2014 21:42:04 -0400
To: Markus <universe@truemetal.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_BE7731B4-23E4-4C3D-9D02-14890DA439CF
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=windows-1252
On Jun 19, 2014, at 7:41 PM, Markus <universe@truemetal.org> wrote:
> =
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added=
-extras/
>=20
> =3D simple telnet commands displays passwords of BMCs. Damn =
Supermicro, please hire some new programmers! :(
>=20
And here I was hoping it would be something useful like a vulnerability =
that would put BMC (the company) out of business! Don=92t get my hopes =
up like that!
More reason that one shouldn=92t make his OOB net generally accessible.
--Apple-Mail=_BE7731B4-23E4-4C3D-9D02-14890DA439CF
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFtDCCBbAw
ggSYoAMCAQICCEmUy/CqsXeJMA0GCSqGSIb3DQEBCwUAMEcxIDAeBgNVBAMMF0NveSBIaWxlIExh
YnMgUGVyc29uIENBMRYwFAYDVQQKDA1Db3kgSGlsZSBMYWJzMQswCQYDVQQGEwJVUzAeFw0xNDA1
MjkwMTE1MzJaFw0xNTA1MjkwMTE1MzJaMFExFzAVBgoJkiaJk/IsZAEBDAdoaWxlL2NhMREwDwYD
VQQDDAhDb3kgSGlsZTEWMBQGA1UECgwNQ295IEhpbGUgTGFiczELMAkGA1UEBhMCVVMwggIiMA0G
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDFyzNyZDiwektvZaujAv5QjnOok++KvZM6qsfIal4m
afmaWoI3Egl+hrRmv4T5mWx6qFvlkmf+hMeINwBfUpWkTrcrrdCB5lb0zVcStkAZghLa8T9WK6VV
wkM/k1baBOgPKwcC8Xn3MdsHSqM8apC4I4H8iS/L/3yIJdUfpJpnzm20LBTN1xBZGBToznuk5l6z
X8dDJjz0CSkveBw6017cuFmb2EEb6ohhGK7zWu6aw4QfpT26yunnMxE4Rflr2a2XYyJQwma7lzEQ
a8z4qFtgLmk3GBqwPMeSVNluR0oHqk7tpAqm6yaESsqeKfN7TSi44oDVMfG6X5FmExaTk3HvLaHy
nS0W7/HgyKnCWncfiqXqCLrKUy9pKnWnVmU5lYVWmHWAOBIBR6bVFaIKkCOsux5r6ntHSCrW5dmC
J7/GgiK2BOPyunLxYlwMKWnG7W8DlyfKSB0zGFDNOvyJvHehgFNkhp8sYT0P0wZ3FThlQfBevrir
BZBDNtLbgCrm3TYTCDAYDPpI+jMXi/XISerKAeJfjcQMgxdmzQdRrLwE0yZPBLZ3Pc1QxJlX6YdN
pI1niqrtzrbEzGomvjNd0EqGYwmmrVOL0H2OIJszrZw6oHFaPRfDUSq2iYa2vyP+GCOX94bG1KfC
h5nZqC1qmIruSSR1hbHCoNKB2WfHtir+FQIDAQABo4IBlDCCAZAwUQYIKwYBBQUHAQEERTBDMEEG
CCsGAQUFBzABhjVodHRwOi8vcm9vdGNhLmNveWhpbGUuY29tL2VqYmNhL3B1YmxpY3dlYi9zdGF0
dXMvb2NzcDAdBgNVHQ4EFgQUtCvk9EZ8wt5dKsdWWsG1L0+jka0wDAYDVR0TAQH/BAIwADAfBgNV
HSMEGDAWgBT9AG9Vlv+0o7btuCCKJ+RRW/KmUTCBnAYDVR0fBIGUMIGRMIGOoIGLoIGIhoGFaHR0
cDovL3Jvb3RjYS5jb3loaWxlLmNvbS9lamJjYS9wdWJsaWN3ZWIvd2ViZGlzdC9jZXJ0ZGlzdD9j
bWQ9Y3JsJmlzc3Vlcj1DTj1Db3klMjBIaWxlJTIwTGFicyUyMFBlcnNvbiUyMENBLE89Q295JTIw
SGlsZSUyMExhYnMsQz1VUzAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
AQUFBwMEMB8GA1UdEQQYMBaBFGNveS5oaWxlQGNveWhpbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IB
AQDVUN1zHEt6LgfHjvlMwhVNiHEnXXHciWfUed89bTWBuGfC3vvFkZQiO1+8VWPeQxDYC0oWX6pu
1FTA1YfLeL4WsR+koeo6mzdFSXYHMznVvYznltmXwi9Vi7NRIbj+0fULscQPrGKE4Zp+WttZl7ht
fGerhWzCkFNdffwj5yuX5P1OmPuJRIBopECGgC6qlUmOxYWcbpq8/NbIUtZtgDoJR5hHvmRqAyu+
E+DhFzuy8za7vBOpsCQlJOJ3l7vSz9bgZGZk50rqplRi91Yq+THD4W+CIF6OUusZIWKCVFmjfoiQ
EcJNYgvSglbUJtm/XjmK/KrcHpu1WOgL+xRDnPDZMYIC2TCCAtUCAQEwUzBHMSAwHgYDVQQDDBdD
b3kgSGlsZSBMYWJzIFBlcnNvbiBDQTEWMBQGA1UECgwNQ295IEhpbGUgTGFiczELMAkGA1UEBhMC
VVMCCEmUy/CqsXeJMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqG
SIb3DQEJBTEPFw0xNDA2MjAwMTQyMDVaMCMGCSqGSIb3DQEJBDEWBBQhoHBHeVKJkJW3YAyXljEm
RCH0rTANBgkqhkiG9w0BAQEFAASCAgC4pWfOO4yrsf7pPuPpyBdZ4B8YsMkzstrpcZkSSOMftToe
qUU0AcWjSxZWKEVilGqtWhoV8fr1BnYIPfBgzMiKODkAyLdMeb86fJQGFlpGfKzf0L/rPRSLioff
vgSYFUWr8H3lGZibmkQj1hLPy9BMkJw4IoQmIAIEKj4YFqNr5wDWGV1AEaMDVqGKY0cwYUGp/4Jc
cNGWjo3QcDQ3ldXcmkbRFT3Gmjzt6196c0ZwpxxV46yV+fvKu436K6KXrlonoOajMIhAQDAFvVYC
w4N2sIpdunYcq6rfIzIGiEKJUSqygqann7++a/R1mQePgFf9I03d39L5ZwoB9RQaHbMJNb0/X7Lz
NrB1X9+Jsvjegw1n8kxigY3qGXEx4VZRW0ITKW7c5upLrj8kieXad9epcnVmpJ0dQ2LEO9FyFI2n
RRaLax1YUc0httvtz+recclWvjI7b0sC5LM40BqoL+6Bc3XrBCL7ZXlf7SGdAofjm07roYkr4Tx8
0IqZrwsXLbxGc61C2hLyP4Ra9cc3muiIPA6AFb3Q4qgbLOOULg0fApTMm8/PdGjKyTRb8KZy33yl
IbNmbCKcn460fN21RDxHgSyfhUozScDpvjQYG+ysiyJyrCBmN34+Xj0V/gVRW1HqbivePeiu1oep
TIt3TtSH2T99V9tG8GBbh2XleLIaIQAAAAAAAA==
--Apple-Mail=_BE7731B4-23E4-4C3D-9D02-14890DA439CF--
