Xserve Lights-Out Management Firmware Update 1.0 is now available.
Along with functionality improvements (see release notes), it also
addresses the following security issue:
Xserve Lights-Out Management Firmware
CVE-ID: CVE-2007-2387
Available for: Intel-based Xserve systems
Impact: A remote user may be able to gain admin privileges on an
Xserve system with IPMI configured in a particular manner
Description: A security vulnerability in Apple's implementation of
IPMI may allow an unprivileged ipmitool user to gain administrative
privileges on an Xserve system. This update addresses the issue by
requiring a password for remote usage of IPMI. This issue only
affects Intel-based Xserve systems. Credit to James Wilson of
LithiumCorp for reporting this issue.
Xserve Lights-Out Management Firmware Update 1.0 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/
The download file is named: "LOMUpdate.dmg"
Its SHA-1 digest is: ee757ce005e627872535eb2a707785f556d636a7
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
