Vulnerabilities in BMC controller firmware affect servers from many manufacturers

Eclypsium has disclosed two vulnerabilities in the BMC controller firmware shipped in Lenovo ThinkServer servers. They allow a local user to modify the firmware or execute arbitrary code on the BMC chip.

Further analysis showed that these problems also affect the firmware of BMC controllers used in Gigabyte Enterprise Servers server platforms, which are also used in servers from companies such as Acer, AMAX, Bigtera, Ciara, Penguin Computing and sysGen. The affected BMCs used vulnerable MergePoint EMS firmware developed by the third-party vendor Avocent (now a division of Vertiv).

The first vulnerability is caused by the lack of cryptographic verification of downloaded firmware updates (only a CRC32 checksum is verified, contrary to the NIST recommendations to use digital signatures), which allows an attacker with access to the system to tamper with the BMC firmware. The problem can, for example, be used to embed a deeply hidden rootkit that remains active after the operating system is reinstalled and blocks further firmware updates (to remove the rootkit, you need to use a programmer to rewrite the SPI flash).

The second vulnerability is in the firmware update code and allows you to substitute your own commands, which will be executed in the BMC with the highest level of privileges. To attack, it is enough to change the value of the RemoteFirmwareImageFilePath parameter in the bmcfwu.cfg configuration file, through which the path to the updated firmware image is specified. During the next update, which can be initiated by a command over IPMI, the BMC will process this parameter and use it in a popen() call as part of the command line for /bin/sh. Since the line that forms the shell command is built with a snprintf() call without sanitizing special characters, attackers can substitute their own code for execution. To exploit the vulnerability, you must have rights that allow you to send commands to the BMC controller via IPMI (if you have administrator rights on the server, you can send IPMI commands without additional authentication).
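The unsafe pattern described above next to a hardened form, as an added example that is not code from the affected firmware or from Eclypsium. The function names, the helper path and the sample values are assumptions made for illustration; the hardened form checks the configured path against an allowlist and runs the helper without a shell.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, not vendor code; `helper` is a hypothetical program path.
 * The article's pattern: config value pasted into a /bin/sh line (built only). */
int build_shell_command(char *out, size_t len, const char *helper, const char *path)
{
    return snprintf(out, len, "%s %s", helper, path);
}

/* Allowlist: absolute path, bounded length, [A-Za-z0-9._/-] only, no "..". */
int image_path_is_safe(const char *p)
{
    size_t n = strlen(p);
    if (n == 0 || n >= 256 || p[0] != '/')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)p[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '/' && c != '-')
            return 0;
    }
    return strstr(p, "..") == NULL;
}

/* Hardened form: validate, then exec the helper directly with the path as
 * one argv element, so no shell parses it. Returns exit status or -1. */
int run_helper_no_shell(const char *helper, const char *image_path)
{
    if (!image_path_is_safe(image_path))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(helper, helper, image_path, (char *)NULL);
        _exit(127); /* exec failed */
    }
    int status;
    return (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    const char *bad = "/tmp/fw.bin; echo x"; /* constructed sample value */
    printf("ok=%d bad=%d\n", image_path_is_safe("/tmp/fw.bin"), image_path_is_safe(bad));
    return 0;
}
```

Validation alone is a second line of defence here; passing the path as a single argument to exec is what removes the shell from the update path.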

Gigabyte and Lenovo were notified of the problems back in July 2018 and managed to release updates before the information was publicly disclosed. Lenovo released firmware updates on November 15, 2018 for the ThinkServer RD340, TD340, RD440, RD540 and RD640 servers, but they eliminated only the vulnerability that allows command substitution, since when the line of servers based on MergePoint EMS was created in 2014, firmware verification using digital signatures was not yet widespread and was not initially announced.

On May 8 of this year, Gigabyte released firmware updates for motherboards with the ASPEED AST2500 controller, but like Lenovo, it fixed only the command substitution vulnerability. Vulnerable boards based on the ASPEED AST2400 remain without updates for now. Gigabyte also announced a transition to MegaRAC SP-X firmware from AMI. New firmware based on MegaRAC SP-X will also be offered for systems previously shipped with MergePoint EMS firmware. The decision follows Vertiv's announcement that it will no longer support the MergePoint EMS platform. At the same time, nothing has yet been reported about firmware updates for servers manufactured by Acer, AMAX, Bigtera, Ciara, Penguin Computing and sysGen on Gigabyte boards and equipped with the vulnerable MergePoint EMS firmware.

Recall that a BMC is a specialized controller installed in servers, with its own CPU, memory, storage and sensor polling interfaces, which provides a low-level interface for monitoring and managing server hardware. Using the BMC, regardless of the operating system running on the server, you can monitor the status of sensors, manage power, firmware and disks, organize remote booting over the network, ensure the operation of a remote access console, and so on.

source: budenet.ru
