Vulnerabilities in BMC controller firmware affect servers from many manufacturers

Eclypsium has disclosed two vulnerabilities in the firmware of the BMC controller shipped in Lenovo ThinkServer servers. They allow a local user to modify the firmware or execute arbitrary code on the BMC chip.

Further analysis showed that these problems also affect the firmware of BMC controllers used in Gigabyte Enterprise Servers server platforms, which are also used in servers from companies such as Acer, AMAX, Bigtera, Ciara, Penguin Computing and sysGen. The affected BMC controllers used vulnerable MergePoint EMS firmware developed by the third-party vendor Avocent (now a division of Vertiv).

The first vulnerability is caused by the lack of cryptographic verification of downloaded firmware updates (only CRC32 checksum verification is used, contrary to NIST recommendations to use digital signatures), which allows an attacker with local access to the system to replace the BMC firmware. The problem can be used, for example, to integrate a rootkit that remains active after the operating system is reinstalled and blocks further firmware updates (to remove the rootkit, you would need to use a programmer to rewrite the SPI flash).

The second vulnerability is in the firmware update code and allows substitution of your own commands, which will be executed on the BMC with the highest privileges. To attack, it is enough to change the value of the RemoteFirmwareImageFilePath parameter in the bmcfwu.cfg configuration file, which determines the path to the image of the firmware being updated. During the next update, which can be initiated by an IPMI command, the BMC will process this parameter and use it in a popen() call as part of a line for /bin/sh. Since the line that forms the shell command is created with an snprintf() call without proper sanitization of special characters, attackers can substitute their own code for execution. To exploit the vulnerability, you must have privileges that allow you to send commands to the BMC controller via IPMI (if you have administrator rights on the server, you can send IPMI commands without additional authentication).
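The unsanitized snprintf()/popen() pattern described above, next to a hardened form that validates the configured path and builds an argv vector instead of a shell line. This is an added example, not code from the MergePoint EMS firmware or from Eclypsium; the tool name fetch_image, the function names, the allowed character set and the sample values are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FETCH_TOOL "fetch_image"   /* hypothetical helper name (assumption) */

/* Pattern described in the article: the configured value is formatted into a
 * string that popen() would hand to /bin/sh. Built here, never executed. */
int build_shell_line_unsafe(char *out, size_t n, const char *path) {
    return snprintf(out, n, FETCH_TOOL " %s", path);
}

/* Allowlist: [A-Za-z0-9._/-] only, bounded length, no leading '-', no "..". */
int image_path_is_safe(const char *path) {
    size_t len = strlen(path);
    if (len == 0 || len > 255 || path[0] == '-' || strstr(path, ".."))
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)path[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '/' && c != '-')
            return 0;
    }
    return 1;
}

/* Hardened form: validate, then fill an argv vector for execv()/posix_spawn()
 * so no shell parses the value. Returns 0 on success, -1 if rejected. */
int build_argv_safe(const char *argv[4], const char *path) {
    if (!image_path_is_safe(path))
        return -1;
    argv[0] = FETCH_TOOL;
    argv[1] = "--";          /* end of options for the hypothetical tool */
    argv[2] = path;
    argv[3] = NULL;
    return 0;
}

int main(void) {
    /* Constructed sample values for RemoteFirmwareImageFilePath. */
    const char *samples[] = { "/images/bmc_fw.bin", "fw.bin;echo constructed" };
    for (size_t i = 0; i < 2; i++) {
        const char *argv[4]; char line[300];
        build_shell_line_unsafe(line, sizeof line, samples[i]);
        printf("sh -c \"%s\"  ->  argv form %s\n", line,
               build_argv_safe(argv, samples[i]) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```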

Gigabyte and Lenovo were notified of the problems back in July 2018 and managed to release updates before the information was publicly disclosed. Lenovo released firmware updates on November 15, 2018 for the ThinkServer RD340, TD340, RD440, RD540 and RD640 servers, but eliminated only the vulnerability that allows command substitution, since at the time the line of servers based on MergePoint EMS was created in 2014, firmware verification using digital signatures was not yet widespread and was not initially announced.

On May 8 of this year, Gigabyte released firmware updates for its motherboards with the ASPEED AST2500 controller, but, like Lenovo, it fixed only the command substitution vulnerability. Vulnerable boards based on the ASPEED AST2400 remain without updates for now. Gigabyte also announced a transition to MegaRAC SP-X firmware from AMI. New firmware based on MegaRAC SP-X will also be offered for systems previously shipped with MergePoint EMS firmware. The decision followed Vertiv's announcement that it would no longer support the MergePoint EMS platform. At the same time, nothing has been reported about firmware updates for servers produced by Acer, AMAX, Bigtera, Ciara, Penguin Computing and sysGen that are based on Gigabyte boards and carry the vulnerable MergePoint EMS firmware.

Recall that the BMC is a specialized controller installed in servers, which has its own CPU, memory, storage and sensor polling interfaces, and provides a low-level interface for monitoring and managing server hardware. Using the BMC, regardless of the operating system running on the server, you can monitor the state of sensors, manage power, firmware and disks, set up booting over the network, provide a remote access console, and so on.

Source: opennet.ru
