[afnog] Do you run an HP server, with an iLO4?
Sylvain BAYA
abscoco at gmail.com
Tue Jun 19 20:03:56 UTC 2018
Hi AfNOGers, Dear Daniel,
After reading the slides indicated by the URL [0] in the mentioned
tweet, I can conclude this:
'Better is the end than the beginning of a story'...
Then, I cannot quote the same piece of text from it. So I'm pasting,
below, the content of page 35 [1], which says something like this:
* If 'yes', then don't worry!;
* Just apply the 'existing' patch; and
* If you are not using the remote administration; then
* Please: Just disable it!
On 6/19/2018 at 5:49 PM, Daniel Shaw wrote:
> https://twitter.com/marcan42/status/1008981518159511553
>
>
> @marcan42
>
> HP iLO4 authentication bypass: curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
>
> No, that's not a crash PoC. That's a full blown auth bypass. sscanf into fixed buffer overwrites a flag field that bypasses auth. Yes, really.
[0]:
> https://airbus-seclab.github.io/ilo/SSTIC2018-Slides-EN-Backdooring_your_server_through_its_BMC_the_HPE_iLO4_case-perigaud-gazet-czarny.pdf …
> _______________________________________________
> [...]
[1]: Page 35 => # iLO4 key takeaways
* No hardware root of trust [2], combined to the bypass of some of the
integrity check mechanism: persistence achievable and demonstrated
* DMA access to the host memory re-purposed as a dual-way communication
channel
* The proof-of-concepts require the exploitation of a vulnerability and
execution of arbitrary code on the iLO system
* Vulnerability reported to the vendor and fixed (in May 2017), please
patch!
* iLO4, critical remote administration tool:
..* Fully disabled if not actively used
..* Network isolation
___
[2]: Supposedly fixed with the last generation of servers and the
version 5 of iLO, released mid-2017, cf. “silicon root of trust”,
https://support.hpe.com/hpsc/doc/public/display?docId=a00018320en_us
Regards,
--sb.
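Added example (not part of the original post or the slides, and not HPE's firmware code): the bug class the quoted tweet describes, an unbounded sscanf into a fixed buffer that sits next to an auth flag, beside a bounded parse that rejects oversized values. The struct layout, the 16-byte buffer size and the function name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CONN_MAX 16               /* assumed buffer size, illustration only */

struct http_conn {                /* hypothetical layout: flag follows buffer */
    char connection[CONN_MAX];
    int  authenticated;           /* must only ever be set by the login path */
};

/* The bug class looks like this (kept as a comment, not compiled):
 *     sscanf(line, "Connection: %s", c->connection);
 * No field width, so a long value is written past connection[] and into
 * whatever follows it, here the authenticated flag.
 */

/* Hardened parse: returns 0 on success, -1 if the line is not a Connection
 * header or its value does not fit. The struct is updated only on success. */
int parse_connection(struct http_conn *c, const char *line)
{
    char value[CONN_MAX];
    char extra;
    int n;

    /* %15[...] stores at most CONN_MAX-1 chars plus NUL; %c catches leftovers. */
    n = sscanf(line, "Connection: %15[^\r\n]%c", value, &extra);
    if (n < 1)
        return -1;                /* not a Connection header, or empty value */
    if (n == 2 && extra != '\r' && extra != '\n')
        return -1;                /* value longer than the buffer: reject it */
    memcpy(c->connection, value, strlen(value) + 1);
    return 0;
}

int main(void)
{
    struct http_conn c = { "", 0 };
    /* constructed input, same shape as the header in the quoted tweet */
    const char *oversized = "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("normal:    %d\n", parse_connection(&c, "Connection: keep-alive\r\n"));
    printf("oversized: %d\n", parse_connection(&c, oversized));
    printf("authenticated flag: %d\n", c.authenticated);
    return 0;
}
```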