SuperMicro IPMI security unfeatures


Just digging into the IPMI controller of the Supermicros. It has some unexpected SSH login using a very arcane cli.

-> version
ATEN SMASH CLP Shell Version 1.00 
-> show logs1/log1
/system1/logs1/log1

  Targets :
	none

  Properties :

  Verbs :
	cd
	show
	help
	version
	exit
	delete

 

Notes:

  1. There have been many incidents where these modules had been hacked
  2. They were used for spamming
  3. SuperMicro isn’t generally fixing the issues (but they’re also not the maker of the BMC software. ATEN is, and also sells the stuff i.e. to Dell?)
  4. One has to change pw + disable the anonymous account via the gui and then also via ipmi
  5. A firewall & separate network is nothing you can do without.

But that’s all nothing compared to how ugly the protcol spec for the “SMASH Shell” is:

http://www.dmtf.org/sites/default/files/standards/documents/DSP0214.pdf

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s