• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update 1.0
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update 1.0


  • Subject: APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update 1.0
  • From: Apple Product Security <email@hidden>
  • Date: Thu, 31 May 2007 14:16:38 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update 1.0

Xserve Lights-Out Management Firmware Update 1.0 is now available.
Along with functionality improvements (see release notes), it also
addresses the following security issue:

Xserve Lights-Out Management Firmware
CVE-ID:  CVE-2007-2387
Available for:  Intel-based Xserve systems
Impact:  A remote user may be able to gain admin privileges on an
Xserve system with IPMI configured in a particular manner
Description:  A security vulnerability in Apple's implementation of
IPMI may allow an unprivileged ipmitool user to gain administrative
privileges on an Xserve system. This update addresses the issue by
requiring a password for remote usage of IPMI. This issue only
affects Intel-based Xserve systems. Credit to James Wilson of
LithiumCorp for reporting this issue.

Xserve Lights-Out Management Firmware Update 1.0 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/

The download file is named:  "LOMUpdate.dmg"
Its SHA-1 digest is:  ee757ce005e627872535eb2a707785f556d636a7

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQEVAwUBRl8ZqsgAoqu4Rp5tAQj7ggf+Pr7tvWBYrWonkrtg3TVnBblw8Fn+ESZb
ZUPbnrazCarkVFjOBuk792YC6Rj8CmSvtyZdQ3QZiQDUucbeXYHjeb2z22pEhDLH
Zg02Ut9FKIRgGz8QKBvqDkbr5QS+qWZutuHN7AcjcceACaXcJoAOXNOS9wNpdrLZ
gNg+AsMc274CJB6eUZBhp28MwwmKl9oQEr4shYaJ8t81jGG8yXm/UitYDfyakyOq
ZJPhMW6SmN8RtN/vYatX0fKrNzVuPgh811ngbEoGuVgSulQZ3sifzvhJoN8iF1Yi
3Lszn1EdY5MnnMJVeyA0f3IfTN8AmXW3/17gjcFAv1l8UJwjo51U0g==
=pJ+A
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


  • Prev by Date: APPLE-SA-2007-05-29 Security Update (QuickTime 7.1.6)
  • Previous by thread: APPLE-SA-2007-05-29 Security Update (QuickTime 7.1.6)
  • Index(es):
    • Date
    • Thread