Apple Xserve Lights-Out Management Firmware IPMI privilege escalation

xserve-ipmi-privilege-escalation (34651) The risk level is classified as HighHigh Risk

Description:

Apple Xserve Lights-Out Management Firmware could allow a remote attacker with ipmitool privileges to gain elevated privileges on the system, caused by an error in the Intelligent Platform Management Interface (IPMI) implementation. A remote attacker could exploit this vulnerability to gain administrative privileges on a vulnerable Intel-based Xserve system.

Platforms Affected:

  • Apple, Mac OS X 10.4.8
  • Apple, Xserve Lights-Out Management Firmware

Remedy:

Apply the Xserve Lights-Out Management Firmware Update 1.0, available from the Apple Web site. See References.

Consequences:

Gain Privileges

References:

  • Apple Web site, Apple security updates at http://docs.info.apple.com/article.html?artnum=61798.
  • Xserve Lights-Out Management Firmware Update 1.0, About the security content of Xserve Lights-Out Management Firmware Update 1.0 at http://docs.info.apple.com/article.html?artnum=305571.
  • BID-24257: Apple Xserve Lights-Out Management Firmware IPMI Remote Privilege Escalation Vulnerability
  • CVE-2007-2387: Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.
  • FrSIRT/ADV-2007-2014: Apple Xserve Lights-Out Management Firmware Privilege Escalation Vulnerability
  • SA25499: Apple Xserve Lights-Out Management Firmware IPMI Vulnerability
  • SECTRACK ID: 1018181: Apple Xserve Lights-Out Management Firmware IPMI Grants Administrative Access to Remote Users

Reported:

May 31, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page