IPMI Security Updates

From Thomas-Krenn-Wiki

Like any operating system, IPMI remote management chips must regularly be supplied with security updates. This article lists the available security updates for the IPMI chips of Supermicro-based Thomas-Krenn servers and shows which firmware version closes which vulnerabilities (identified by CVE number).

IPMI Firmware Update Matrix

The following matrix shows the firmware versions for all Supermicro X9 and X10-based systems:[1]

|  | Supermicro X10 Motherboards (ASPEED-ATEN) | Supermicro X9 Motherboards (Nuvoton-ATEN) |
|---|---|---|
| Update for CVE-2015-0235 (glibc library), CVE-2015-0291 (openssl ClientHello DoS), CVE-2015-0204 (FREAK OpenSSL vulnerability) | Supermicro is investigating these CVEs.[1] | Supermicro is investigating these CVEs.[1] |
| Available for download at the Thomas-Krenn download section | 1.90 (SMT_X10_190.bin) (Firmware Build Date 2015-02-17) | 3.40 (SMT_X9_340.bin) (Firmware Build Date 2015-04-06) |
| Update for CVE-2014-3566 (POODLE SSLv3) | 1.76 | 3.35 |
| Update for CVE-2013-4786 (Weak hash for RAKP) | - | 3.19 |
| Update for CVE-2013-3622 (CGI: logout.cgi) | 1.24 | 3.17 |
| Update for CVE-2013-3619 (Static Encryption Keys) | - | 3.17 |
| Update for CVE-2013-3621 (CGI: login.cgi), CVE-2013-3623 (CGI: close_window.cgi) | 1.24 | 3.15 |

Additional Resources

References

  1. Firmware Fixes to Common Vulnerabilities and Exposures (www.supermicro.com)



Author: Werner Fischer

Werner Fischer, working in the Web Operations & Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.


Related articles

ASPEED AST2400 IPMI Chip with ATEN-Software
Nuvoton WPCM450R IPMI Chip with ATEN-Software
Supermicro IPMI Security Updates November 2013