Khampani ea Eclypsium
Tlhahlobo e eketsehileng e bontšitse hore mathata ana a boetse a ama firmware ea balaoli ba BMC e sebelisoang ho li-server tsa Gigabyte Enterprise Servers, tse sebelisoang hape ho li-server tse tsoang lik'hamphani tse kang Acer, AMAX, Bigtera, Ciara, Penguin Computing le sysGen. Balaoli ba bothata ba BMC ba sebelisitse firmware ea MergePoint EMS e tlokotsing e ntlafalitsoeng ke morekisi oa mokha oa boraro Avocent (eo hona joale e leng karolo ea Vertiv).
Kotsi ea pele e bakoa ke khaello ea netefatso ea "cryptographic" ea liapdeite tsa firmware tse jarollotsoeng (ho sebelisoa feela netefatso ea CRC32 checksum, ho fapana le hoo.
Bofokoli ba bobeli bo teng ka har'a khoutu ea ntlafatso ea firmware mme bo u lumella ho kenya litaelo tsa hau sebakeng sa BMC ka maemo a phahameng ka ho fetisisa a litokelo. Ho hlasela, ho lekane ho fetola boleng ba parameter ea RemoteFirmwareImageFilePath ho faele ea tlhophiso ea bmcfwu.cfg, eo ka eona tsela e eang setšoantšong sa firmware e ntlafalitsoeng e ikemiselitseng. Nakong ea ntlafatso e latelang, e ka qalisoang ka taelo ho IPMI, parameter ena e tla sebetsoa ke BMC 'me e sebelisoe e le karolo ea popen() call e le karolo ea mohala oa /bin/sh. Kaha mohala oa ho hlahisa taelo ea khetla o etsoa ho sebelisoa mohala oa snprintf () ntle le ho hloekisa hantle litlhaku tse khethehileng, bahlaseli ba ka kenya khoutu ea bona bakeng sa ho bolaoa. Ho sebelisa monyetla oa ho ba kotsing, o tlameha ho ba le litokelo tse u lumellang hore u romele taelo ho molaoli oa BMC ka IPMI (haeba u na le litokelo tsa motsamaisi ho seva, u ka romela taelo ea IPMI ntle le netefatso e eketsehileng).
Gigabyte le Lenovo ba ile ba tsebisoa ka mathata morao koana ka Phupu 2018 mme ba khona ho lokolla lintlafatso pele tlhahisoleseling e senoloa phatlalatsa. Khamphani ea Lenovo
Ka la 8 Mots'eanong selemong sena, Gigabyte e ile ea lokolla lintlafatso tsa firmware bakeng sa liboto tsa bo-mme tse nang le molaoli oa ASPEED AST2500, empa joalo ka Lenovo, e ile ea lokisa feela ts'oaetso ea ho kenya taelo. Liboto tse tlokotsing tse thehiloeng ho ASPEED AST2400 li lula li se na lintlafatso hajoale. Gigabyte hape
A re hopoleng hore BMC ke molaoli ea khethehileng ea kentsoeng ka har'a li-server, tse nang le li-interfaces tsa eona tsa CPU, memori, polokelo le li-sensor polling, tse fanang ka sebopeho sa boemo bo tlaase bakeng sa ho shebella le ho laola lisebelisoa tsa seva. U sebelisa BMC, ho sa tsotelehe sistimi e sebetsang ho seva, o ka hlokomela boemo ba li-sensor, ho laola matla, firmware le li-disks, ho hlophisa booting e hole holim'a marang-rang, ho netefatsa ts'ebetso ea komporo ea phihlello e hole, jj.
Source: opennet.ru