Feeds

Vulns 'like a hacker camped in the server room' all across the net

So says Metasploit man. Unless our servers have been hacked, anyway

Top 5 reasons to deploy VMware with Tegile

Security holes in server management technology create hacking opportunities almost on par with direct physical access, claims Metasploit creator HD Moore.

The issue arises from security shortcomings involving baseboard management controllers (a type of embedded computer used to provide out-of-band monitoring for desktops and servers, technology installed on nearly all servers) and the Intelligent Platform Management Interface (IPMI) protocol.

An attacker able to compromise a baseboard management controller (BMC) should be able to compromise its parent server. Compromising a server would allow miscreants to copy data from any attached storage, make changes to the operating system, install a backdoor, capture credentials passing through the server, launch denial of service attacks, or simply wipe the hard drives, among many other things.

Attacks like this are easily possible according to Moore, Rapid7's chief research officer and creator of penetrating testing software Metasploit, because vulnerable services are accessible across the net. Research by Moore found that around 308,000 IPMI-enabled BMCs were exposed on the net.

Approximately 195,000 of these devices only support IPMI 1.5, which does not provide any form of encryption. Another 113,000 of these devices support IPMI v2.0, which suffers from serious design flaws.

For example, 53,000 IPMI 2.0 systems are vulnerable to password bypass attacks because they rely upon a weak cipher suite. Passive scans by Moore separately discovered that 35,000 Supermicro BMCs expose an exploitable Universal Plug and Play (UPnP) service.

The security shortcomings under discussion are well beyond the capability of script-kiddies and could only be abused by a skilled and experienced hacker. Even so, it would be wise for sysadmins to listen to the warning implicit in Moore's research.

A blog post by Moore provides recommendations on how enterprises and hosting providers can mitigate the security risk of having their servers pwned. A lot of this comes down to fairly basic stuff: firewalling vulnerable services, disabling the vulnerable Cipher 0 cryptosuite and using complex passwords. Supermicro system users should apply an updated firmware image.

Previous research by Moore earlier this year revealed that everything from medical systems to traffic light boxes is wide open to hackers thanks to a lack of authentication checks. Flawed use of the Universal Plug and Play (UPnP) protocol meant that anything up to 50 million of devices are insecure, Rapid 7 warned in January. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.