Careers & Certifications

01:00 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Data Center Servers Exposed

Popular server firmware contains multiple zero-day vulnerabilities, but fixes are fraught with trade-offs.

You definitely don't want to show up on one of HD Moore's Internet scans. But some 35,000 -- and counting -- servers have been found exposed on the Internet by the renowned researcher and his team in their ongoing global scanning project aimed at detecting networked devices in danger of attack. In the latest twist, popular server firmware exposed on the Net also contains multiple zero-day bugs that leave corporate servers open to outside attackers.

Rapid7 late last week disclosed several previously unknown security bugs in Supermicro's Intelligent Platform Management Interface (IPMI) protocol implementation in its Baseboard Management Controller (BMC) firmware that, in effect, give attackers near-physical access to the affected servers. BMC firmware and its corresponding IPMI interface are basically remote management tools for the servers.

The flaws were found in firmware version SMT_X9_226 of Supermicro's product, and Supermicro recently updated the firmware with version SMT_X9_315, which Rapid7 found only addresses some of the zero-days as well as some other flaws.

Read the rest of this article on Dark Reading.

Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed