APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update 1.0
APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update 1.0
- Subject: APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update 1.0
- From: Apple Product Security <email@hidden>
- Date: Thu, 31 May 2007 14:16:38 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update 1.0
Xserve Lights-Out Management Firmware Update 1.0 is now available.
Along with functionality improvements (see release notes), it also
addresses the following security issue:
Xserve Lights-Out Management Firmware
CVE-ID: CVE-2007-2387
Available for: Intel-based Xserve systems
Impact: A remote user may be able to gain admin privileges on an
Xserve system with IPMI configured in a particular manner
Description: A security vulnerability in Apple's implementation of
IPMI may allow an unprivileged ipmitool user to gain administrative
privileges on an Xserve system. This update addresses the issue by
requiring a password for remote usage of IPMI. This issue only
affects Intel-based Xserve systems. Credit to James Wilson of
LithiumCorp for reporting this issue.
Xserve Lights-Out Management Firmware Update 1.0 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/
The download file is named: "LOMUpdate.dmg"
Its SHA-1 digest is: ee757ce005e627872535eb2a707785f556d636a7
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQEVAwUBRl8ZqsgAoqu4Rp5tAQj7ggf+Pr7tvWBYrWonkrtg3TVnBblw8Fn+ESZb
ZUPbnrazCarkVFjOBuk792YC6Rj8CmSvtyZdQ3QZiQDUucbeXYHjeb2z22pEhDLH
Zg02Ut9FKIRgGz8QKBvqDkbr5QS+qWZutuHN7AcjcceACaXcJoAOXNOS9wNpdrLZ
gNg+AsMc274CJB6eUZBhp28MwwmKl9oQEr4shYaJ8t81jGG8yXm/UitYDfyakyOq
ZJPhMW6SmN8RtN/vYatX0fKrNzVuPgh811ngbEoGuVgSulQZ3sifzvhJoN8iF1Yi
3Lszn1EdY5MnnMJVeyA0f3IfTN8AmXW3/17gjcFAv1l8UJwjo51U0g==
=pJ+A
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden