The company Eclypsium
Further analysis showed that these problems also affect the firmware of the BMC controllers used in Gigabyte Enterprise Servers platforms, which are also used in servers from companies such as Acer, AMAX, Bigtera, Ciara, Penguin Computing and sysGen. The affected BMC controllers used the vulnerable MergePoint EMS firmware developed by the third-party vendor Avocent (now part of Vertiv).
The first vulnerability is caused by the lack of cryptographic verification of downloaded firmware updates (only CRC32 checksum verification is used, contrary.
The second vulnerability is in the firmware update code and allows commands to be substituted that will be executed on the BMC with the highest level of privileges. To carry out the attack, it is enough to change the value of the RemoteFirmwareImageFilePath parameter in the bmcfwu.cfg configuration file, which specifies the path to the image of the updated firmware. During the next update, which can be initiated by a command over IPMI, this parameter is processed by the BMC and used in a popen() call as part of a command line for /bin/sh. Because the shell command line is built with an snprintf() call without proper sanitization of special characters, attackers can substitute their own code for execution. Exploiting the vulnerability requires privileges that allow sending a command to the BMC controller over IPMI (with administrator rights on the server, an IPMI command can be sent without additional authentication).
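The hardened counterpart to the snprintf()/popen() pattern described above, as an added example that is not Avocent's, Gigabyte's or Lenovo's code: the configured path is checked against an allowlist and handed to the update helper as a single argv element, so no /bin/sh ever parses it. The function names, the helper argument and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the article describes (assumed shape, kept as a comment only):
 *   snprintf(cmd, sizeof cmd, "<helper> %s", path); popen(cmd, "r");
 * popen() hands cmd to /bin/sh, so metacharacters in path become syntax. */

static const char ALLOWED[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz0123456789._/-";

/* Allowlist: absolute path, under 256 bytes, only ALLOWED characters,
 * and no ".." anywhere. Returns 1 if acceptable, 0 otherwise. */
int image_path_ok(const char *p)
{
    size_t n;
    if (p == NULL || p[0] != '/') return 0;
    n = strlen(p);
    if (n >= 256 || strspn(p, ALLOWED) != n) return 0;
    return strstr(p, "..") == NULL;
}

/* Runs helper with path as one argv element; no shell parses the value.
 * Returns the helper's exit status, or -1 on rejection or failure. */
int run_updater(const char *helper, const char *path)
{
    pid_t pid;
    int status;
    if (!image_path_ok(path)) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, (char *)path, NULL };
        execv(helper, argv);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample values, not taken from a real bmcfwu.cfg. */
    printf("%d\n", image_path_ok("/mnt/fw/image-1.2.bin"));      /* 1 */
    printf("%d\n", image_path_ok("/mnt/fw/a.bin; echo x"));      /* 0 */
    return 0;
}
```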
Gigabyte and Lenovo were notified of the problems back in July 2018 and managed to release updates before the details were publicly disclosed. The company Lenovo
On May 8 of this year, Gigabyte released firmware updates for motherboards with the ASPEED AST2500 controller, but, like Lenovo, it fixed only the command substitution vulnerability. Vulnerable boards based on the ASPEED AST2400 remain without updates for now. Gigabyte also
Recall that a BMC is a specialized controller installed in servers that has its own CPU, memory, storage and sensor polling interfaces, and provides a low-level interface for monitoring and managing server hardware. Using the BMC, regardless of the operating system running on the server, it is possible to monitor the state of sensors, manage power, firmware and disks, set up remote booting over the network, provide a remote access console, etc.
Source: opennet.ru