[Pkg-freeipmi-devel] CVE-2013-4786
Bernd Zeimetz
bernd at bzed.de
Tue Jul 23 20:25:18 UTC 2013
On 07/23/2013 09:54 PM, Ferenc Wagner wrote:
> Helmut Grohne <helmut at subdivi.de> writes:
>
>> Please help with sorting out what (if any) action is required to handle
>> CVE-2013-4786. Quoting the description:
>>
>>> The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange
>>> Protocol (RAKP) authentication, which allows remote attackers to obtain
>>> password hashes and conduct offline password guessing attacks by
>>> obtaining the HMAC from a RAKP message 2 response from a BMC.
>>
>> [...] Please determine whether your package implements the relevant
>> part of the IPMI specification and report back. If you have domain
>> knowledge, shedding light on the impact of the issue would be nice.
>
> Hi, freeipmi does implement RAKP. Looks like that is not a secure
> protocol, but what can a client do about this? I'm not an expert,
> though.

After having a short look at http://fish2.com/ipmi/remote-pw-cracking.html -
which was linked on http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4786
- I fail to understand what should be fixed in the client. The BMCs implement
this protocol, so if we want to talk to them, we have to use it, even if it has
security flaws.

--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F