Feeds

Vulns 'like a hacker camped in the server room' all across the net

So says Metasploit man. Unless our servers have been hacked, anyway

The Essential Guide to IT Transformation

Security holes in server management technology create hacking opportunities almost on par with direct physical access, claims Metasploit creator HD Moore.

The issue arises from security shortcomings involving baseboard management controllers (a type of embedded computer used to provide out-of-band monitoring for desktops and servers, technology installed on nearly all servers) and the Intelligent Platform Management Interface (IPMI) protocol.

An attacker able to compromise a baseboard management controller (BMC) should be able to compromise its parent server. Compromising a server would allow miscreants to copy data from any attached storage, make changes to the operating system, install a backdoor, capture credentials passing through the server, launch denial of service attacks, or simply wipe the hard drives, among many other things.

Attacks like this are easily possible according to Moore, Rapid7's chief research officer and creator of penetrating testing software Metasploit, because vulnerable services are accessible across the net. Research by Moore found that around 308,000 IPMI-enabled BMCs were exposed on the net.

Approximately 195,000 of these devices only support IPMI 1.5, which does not provide any form of encryption. Another 113,000 of these devices support IPMI v2.0, which suffers from serious design flaws.

For example, 53,000 IPMI 2.0 systems are vulnerable to password bypass attacks because they rely upon a weak cipher suite. Passive scans by Moore separately discovered that 35,000 Supermicro BMCs expose an exploitable Universal Plug and Play (UPnP) service.

The security shortcomings under discussion are well beyond the capability of script-kiddies and could only be abused by a skilled and experienced hacker. Even so, it would be wise for sysadmins to listen to the warning implicit in Moore's research.

A blog post by Moore provides recommendations on how enterprises and hosting providers can mitigate the security risk of having their servers pwned. A lot of this comes down to fairly basic stuff: firewalling vulnerable services, disabling the vulnerable Cipher 0 cryptosuite and using complex passwords. Supermicro system users should apply an updated firmware image.

Previous research by Moore earlier this year revealed that everything from medical systems to traffic light boxes is wide open to hackers thanks to a lack of authentication checks. Flawed use of the Universal Plug and Play (UPnP) protocol meant that anything up to 50 million of devices are insecure, Rapid 7 warned in January. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.