SSD Advisory – HP iLO Format String | BOT24

Introduction
HP ProLiant servers include iLO (Integrated Lights-Out), an embedded operating system that runs on a separate CPU. It provides various networking and management features for the server.

Vulnerability Details
HP iLO runs an SSH server by default, and users who log in are dropped into a special isolated type of shell. There is a format string vulnerability triggered by the “show” command which allows a low-level user account to cause a denial of service on the service or potentially execute arbitrary code.


Analysis
Users and administrators of the server can log in and are dropped into an isolated “hpiLO” shell. This shell is unlike a bash or sh environment and more like an isolated CLI. It exposes various commands and verbs to perform operations.
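The bug class behind the “show” issue, as an added example that is not taken from the advisory or from HP's code: a CLI handler that uses its argument as the format string, next to the hardened form. The function names and the sample input are hypothetical; the page does not show the real handler.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical handlers for "show <target>" in a restricted CLI.
 * Not iLO code: names and behaviour are assumptions for illustration. */

/* Flawed: the user-supplied target is the format string, so any
 * conversion specification inside it is interpreted by snprintf. */
int show_echo_unsafe(char *out, size_t n, const char *target)
{
    return snprintf(out, n, target);
}

/* Hardened: the format is a constant and the target is only ever data. */
int show_echo_safe(char *out, size_t n, const char *target)
{
    return snprintf(out, n, "%s", target);
}

/* Defensive pre-check: returns 1 when the input contains '%', which a
 * CLI target name has no reason to carry, so it can be rejected or logged. */
int has_format_char(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    char a[64], b[64];
    /* Constructed sample input. "%%" is used because its handling is
     * well-defined: as a format it collapses to a single '%'. */
    const char *input = "sample%%";

    show_echo_unsafe(a, sizeof a, input);
    show_echo_safe(b, sizeof b, input);
    printf("unsafe: %s\nsafe:   %s\nflagged: %d\n",
           a, b, has_format_char(input));
    return 0;
}
```

The two outputs differ because the flawed handler interprets the input instead of copying it. Building with `-Wformat -Wformat-security` makes GCC and Clang warn on the flawed call.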


More here: https://blogs.securiteam.com/index.php/archives/2576

About Bradley Susser
