There was a bug found by AWS Security that affected the IPMI simulator,
ipmi_sim. It does NOT affect the main library, just the simulator. This
is mainly used for testing (by OpenIPMI and others) but I am fairly sure
that some people are using this in production systems to control QEMU
systems and to provide serial over LAN access to those systems.
Unfortunately, I do not know who is using it for this purpose.

The bug is a missing check on the authorization type on incoming LAN
messages. This can certainly be used to DoS ipmi_sim by causing it to
crash by doing an index outside of an array. Since the value is 4 bits
for old IPMI LAN and 8 bits for RMCP+, there is a limited range of what
can be addressed. So there is a low probability that it could be used to
cause messages to be authenticated without being actually authenticated.
There is a very low probability it can be used for arbitrary code
execution.

So if you are using ipmi_sim, you should upgrade to OpenIPMI 2.0.36 or
later.

This is fixed by b52e8e2538b2 "lanserv: Check some bounds on incoming
messages" with another fix, 4c129d0540f "lanserv: Fix an issue with
authorization range checking" that fixes a bug introduced by the first
change.

-corey
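
The class of bug described above, as an added example that is not OpenIPMI's code and not part of the original message: a parser for the IPMI v1.5 LAN session header that range-checks the 4-bit authentication type before using it as a table index. The `auth_enabled` table, the error codes and the function name are hypothetical, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IPMI v1.5 authentication type codes; 3 is reserved and is rejected here. */
enum { AUTH_NONE = 0, AUTH_MD2 = 1, AUTH_MD5 = 2, AUTH_STRAIGHT = 4, AUTH_OEM = 5 };
#define AUTH_TABLE_LEN 6    /* valid table indexes are 0..5 */
#define AUTHCODE_LEN   16

/* Hypothetical per-type table: nonzero means the operator enabled that type. */
static const uint8_t auth_enabled[AUTH_TABLE_LEN] = {
    [AUTH_MD5] = 1, [AUTH_STRAIGHT] = 1
};

enum { PARSE_OK = 0, ERR_SHORT = -1, ERR_AUTHTYPE = -2, ERR_DISABLED = -3 };

/* Parse the session header that follows the RMCP header:
 * authtype(1) seq(4) session_id(4) [authcode(16) unless type none] len(1) */
int parse_session_header(const uint8_t *msg, size_t len,
                         uint8_t *authtype_out, size_t *payload_off)
{
    if (len < 1)
        return ERR_SHORT;
    uint8_t authtype = msg[0] & 0x0f;   /* 4-bit wire field: 0..15 */

    /* The range check must come before the value is used as an index;
     * without it, types 6..15 read past the end of auth_enabled[]. */
    if (authtype >= AUTH_TABLE_LEN || authtype == 3)
        return ERR_AUTHTYPE;
    if (!auth_enabled[authtype])
        return ERR_DISABLED;

    size_t need = 1 + 4 + 4 + (authtype != AUTH_NONE ? AUTHCODE_LEN : 0) + 1;
    if (len < need || len - need < msg[need - 1])
        return ERR_SHORT;               /* truncated header or payload */
    *authtype_out = authtype;
    *payload_off = need;
    return PARSE_OK;
}

int main(void)
{
    uint8_t pkt[27] = {0}, at = 0;      /* constructed sample message */
    size_t off = 0;
    pkt[0] = 0x0f;                      /* out-of-range authtype */
    printf("authtype 0x0f -> %d\n", parse_session_header(pkt, sizeof pkt, &at, &off));
    pkt[0] = AUTH_MD5; pkt[25] = 1;     /* valid type, 1-byte payload */
    printf("authtype MD5  -> %d\n", parse_session_header(pkt, sizeof pkt, &at, &off));
    return 0;
}
```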