Kampani ya Eclypsium
Kusanthula kwina kunawonetsa kuti mavutowa amakhudzanso firmware ya olamulira a BMC omwe amagwiritsidwa ntchito pa nsanja za seva za Gigabyte Enterprise Servers, zomwe zimagwiritsidwanso ntchito m'maseva ochokera kumakampani monga Acer, AMAX, Bigtera, Ciara, Penguin Computing ndi sysGen. Olamulira ovuta a BMC adagwiritsa ntchito firmware ya MergePoint EMS yomwe ili pachiwopsezo yopangidwa ndi ogulitsa chipani chachitatu Avocent (tsopano ndi gawo la Vertiv).
Chiwopsezo choyamba chimayamba chifukwa chosowa kutsimikizira kwachinsinsi kwa zosintha za firmware zomwe zidatsitsidwa (kutsimikizira kwa CRC32 checksum kokha kumagwiritsidwa ntchito, mosiyana.
Chiwopsezo chachiwiri chilipo mu code yosinthira firmware ndikukulolani kuti mulowe m'malo mwa malamulo anu, omwe adzaperekedwa mu BMC ndi mwayi wapamwamba kwambiri. Kuti muwukire, ndikwanira kusintha mtengo wa RemoteFirmwareImageFilePath parameter mu fayilo ya kasinthidwe ya bmcfwu.cfg, momwe njira yopita ku chithunzi cha firmware yosinthidwa imatsimikiziridwa. Pakusintha kotsatira, komwe kungayambitsidwe ndi lamulo mu IPMI, gawoli lidzasinthidwa ndi BMC ndikugwiritsidwa ntchito ngati gawo la popen() kuyitana ngati gawo la mzere wa /bin/sh. Popeza mzere wopanga chipolopolo umapangidwa pogwiritsa ntchito foni ya snprintf () popanda kuyeretsa bwino zilembo zapadera, owukira amatha kulowetsamo code yawo kuti aphedwe. Kuti mugwiritse ntchito chiwopsezo, muyenera kukhala ndi ufulu womwe umakulolani kutumiza lamulo kwa wolamulira wa BMC kudzera pa IPMI (ngati muli ndi ufulu woyang'anira pa seva, mutha kutumiza IPMI lamulo popanda kutsimikizika kowonjezera).
Gigabyte ndi Lenovo adadziwitsidwa za zovutazo mu Julayi 2018 ndipo adakwanitsa kutulutsa zosintha zisanawululidwe poyera. Kampani ya Lenovo
Pa Meyi 8 chaka chino, Gigabyte adatulutsa zosintha za firmware zamabodi a amayi okhala ndi ASPEED AST2500 controller, koma monga Lenovo, idangokhazikitsa chiwopsezo cholowa m'malo mwa lamulo. Ma board omwe ali pachiwopsezo otengera ASPEED AST2400 amakhalabe opanda zosintha pakadali pano. Gigabyte komanso
Tiyeni tikumbukire kuti BMC ndi woyang'anira wapadera woikidwa m'maseva, omwe ali ndi CPU yake, kukumbukira, kusungirako ndi mavoti opangira ma sensor, omwe amapereka mawonekedwe otsika kwambiri poyang'anira ndi kuyang'anira zida za seva. Pogwiritsa ntchito BMC, mosasamala kanthu za makina ogwiritsira ntchito pa seva, mukhoza kuyang'anira momwe masensa amachitira, kuyang'anira mphamvu, firmware ndi ma disks, kukonzekera kuthamangitsidwa kwakutali pa intaneti, kuonetsetsa kuti makina olowera kutali akugwira ntchito, ndi zina zotero.
Source: opennet.ru