Yorick
Wizard
- Joined
- Nov 4, 2018
- Messages
- 1,912
The firmware for the BMC chips on many a SuperMicro board has a vulnerability that would allow a takeover of the BMC from the server’s OS.
Full impact of that vuln hasn’t been disclosed yet. Judging by the description, this would require malware on the target system to carry out the attack, via PCIe or LPC. Which is not a big concern on FreeNAS.
I wonder whether a guest could attack a host. Probably not unless there is another vuln that allows the guest access to the host hardware. Or if the guest has access to PCI passthrough because the host was configured that way.
This was found by engineers who work on OpenBMC firmware in IBM servers.
Even though the risk of seeing this exploited on a FreeNAS server is small, I’d still patch as soon as SM release patches. It’s a way for malware to get “sticky” through anchoring itself in the BMC.
https://www.supermicro.com/support/security_CVE-2019-6260.cfm
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260
https://m.heise.de/security/meldung/Pants-down-Sicherheitsluecke-in-Server-Fernwartung-4296144.html (use translate if you don’t speak German)
Full impact of that vuln hasn’t been disclosed yet. Judging by the description, this would require malware on the target system to carry out the attack, via PCIe or LPC. Which is not a big concern on FreeNAS.
I wonder whether a guest could attack a host. Probably not unless there is another vuln that allows the guest access to the host hardware. Or if the guest has access to PCI passthrough because the host was configured that way.
This was found by engineers who work on OpenBMC firmware in IBM servers.
Even though the risk of seeing this exploited on a FreeNAS server is small, I’d still patch as soon as SM release patches. It’s a way for malware to get “sticky” through anchoring itself in the BMC.
https://www.supermicro.com/support/security_CVE-2019-6260.cfm
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260
https://m.heise.de/security/meldung/Pants-down-Sicherheitsluecke-in-Server-Fernwartung-4296144.html (use translate if you don’t speak German)
