Careers & Certifications

01:00 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Data Center Servers Exposed

Popular server firmware contains multiple zero-day vulnerabilities, but fixes are fraught with trade-offs.

You definitely don't want to show up on one of HD Moore's Internet scans. But some 35,000 -- and counting -- servers have been found exposed on the Internet by the renowned researcher and his team in their ongoing global scanning project aimed at detecting networked devices in danger of attack. In the latest twist, popular server firmware exposed on the Net also contains multiple zero-day bugs that leave corporate servers open to outside attackers.

Rapid7 late last week disclosed several previously unknown security bugs in Supermicro's Intelligent Platform Management Interface (IPMI) protocol implementation in its Baseboard Management Controller (BMC) firmware that, in effect, give attackers near-physical access to the affected servers. BMC firmware and its corresponding IPMI interface are basically remote management tools for the servers.

The flaws were found in firmware version SMT_X9_226 of Supermicro's product, and Supermicro recently updated the firmware with version SMT_X9_315, which Rapid7 found only addresses some of the zero-days as well as some other flaws.

Read the rest of this article on Dark Reading.

Comment  | 
Print  | 
More Insights
Hot Topics
6
8 Gotchas Of Technology Contracting
Craig Auge, Partner, Vorys,  7/17/2014
3
Cisco DevNet Focuses On Developers
Marcia Savage, Managing Editor, Network Computing,  7/21/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
Video
Slideshows
Twitter Feed