Intel has fixed 22 vulnerabilities in the firmware of its server motherboards, server systems and compute modules. Three of the vulnerabilities, one of which is rated critical (CVSS 9.6, CVSS 8.3, CVSS 4.7), are in the firmware of the Emulex Pilot 3 BMC controller used in Intel products. They allow unauthorized access to the remote management console (KVM), authentication bypass when emulating USB storage devices, and a remote buffer overflow in the Linux kernel used in the BMC.
The CVE-2020-8708 vulnerability allows an unauthenticated attacker who has access to the same local network segment as the vulnerable server to gain access to the BMC control environment. It is noted that exploiting the vulnerability is very simple and reliable, because the problem is caused by an architectural error. Moreover, according to the researcher who identified the vulnerability, working with the BMC through the exploit is much more convenient than using the standard Java client. Affected equipment includes the Intel R1000WT, R2000WT, R1000SP, LSVRP, LR1304SP, R1000WF and R2000WF server system families, S2600WT, S2600CW, S2600KP, S2600TP, S1200SSP2600SPS, S2600WS, S2600SP BP, and the HNS2600KP, HNS2600TP and HNS2600BP compute modules. The fix is included in firmware update 1.59.
According to unofficial information, the Emulex Pilot 3 BMC firmware was written by AMI, so the vulnerabilities also appear in systems from other manufacturers. The problems are in out-of-tree patches to the Linux kernel and in the user-space control process, whose code the researcher who found the problem described as the worst code they had ever encountered.
Recall that a BMC is a specialized controller installed in servers, with its own CPU, memory, storage and sensor polling interfaces, which provides a low-level interface for monitoring and managing server hardware. Using the BMC, regardless of the operating system running on the server, you can monitor sensor status, manage power, firmware and disks, set up remote boot over the network, provide a remote access console, and so on.
Source: opennet.ru
