How to find AMI MegaRAC BMCs running lighttpd with runZero
2024-04-12 04:08:00 Author: securityboulevard.com (view original)

Latest lighttpd vulnerability

Binarly Research discovered that AMI MegaRAC Baseboard Management Controllers (BMC) on servers running lighttpd before version 1.4.51 are susceptible to an out-of-bounds (OOB) heap memory read.

This vulnerability was patched silently in version 1.4.51, and no CVE was assigned as a result. Binarly calculated a CVSS v3.1 score of 5.3 (Medium) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

What is the impact?

AMI MegaRAC BMCs on servers running lighttpd before version 1.4.51 are susceptible to OOB heap reads, which could allow an attacker to exfiltrate sensitive data from the system and bypass security mechanisms. The OOB read does not return the contents of the specified memory location, only a boolean response indicating whether that location matches a specified value. As a result, while this issue can be used to leak memory contents, it requires substantially more effort to exploit than a vulnerability like Heartbleed.

Are updates or workarounds available?

Intel and Lenovo have both indicated that the affected systems are end-of-life (EOL) and will not receive updates. Given the lack of updates, runZero recommends using network segmentation to prevent access to these unpatched lighttpd services from untrusted networks. Best practices for BMCs typically include isolating these interfaces to a dedicated management network, and leveraging VPNs to provide remote access as needed.

How do I find potentially vulnerable systems with runZero?

From the Services Inventory, use the following query to locate systems running potentially vulnerable software:

product:lighttpd (_service.product:=lighttpd:lighttpd:1.4.0% OR _service.product:=lighttpd:lighttpd:1.4.1% OR _service.product:=lighttpd:lighttpd:1.4.2% OR _service.product:=lighttpd:lighttpd:1.4.3% OR _service.product:=lighttpd:lighttpd:1.4.4% OR _service.product:=lighttpd:lighttpd:1.4.50)

Please note that this query may return results for many other hardware platforms other than AMI MegaRAC BMCs. runZero is investigating which of these additional devices are affected and will update this post shortly with the results.
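The query above expresses "lighttpd older than 1.4.51" with string-prefix wildcards. The following Python is an added example, not code from the runZero post or the runZero product: it performs the same check offline against a constructed services inventory using numeric version comparison, so that versions such as 1.4.5 through 1.4.9 (which no `1.4.N%` prefix above covers) are also flagged, and services whose product string carries no version are set aside for manual review instead of being silently dropped. The `vendor:product:version` product-string layout, the inventory record shape and all host names are assumptions for illustration.

```python
"""Flag lighttpd services older than the first fixed release (1.4.51).

Added example, not part of the original post. The inventory format and the
'lighttpd:lighttpd:X.Y.Z' product-string layout are assumptions made for
illustration; adapt the parser to whatever your asset inventory exports.
"""
import re
from typing import List, Optional, Tuple

# First lighttpd release carrying the silent fix, per the post.
FIXED_VERSION = (1, 4, 51)

# Constructed sample inventory; hosts, ports and versions are placeholders.
SAMPLE_SERVICES = [
    {"host": "bmc-01.example.test", "port": 443, "product": "lighttpd:lighttpd:1.4.35"},
    {"host": "bmc-02.example.test", "port": 80,  "product": "lighttpd:lighttpd:1.4.50"},
    {"host": "bmc-03.example.test", "port": 443, "product": "lighttpd:lighttpd:1.4.51"},
    {"host": "web-01.example.test", "port": 80,  "product": "lighttpd:lighttpd:1.4.5"},
    {"host": "web-02.example.test", "port": 443, "product": "nginx:nginx:1.24.0"},
    {"host": "bmc-04.example.test", "port": 443, "product": "lighttpd:lighttpd"},  # no version reported
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_lighttpd_version(product: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a 'lighttpd:lighttpd:X.Y.Z' string, else None."""
    parts = product.split(":")
    if len(parts) < 3 or parts[0] != "lighttpd" or parts[1] != "lighttpd":
        return None
    match = _VERSION_RE.match(parts[2])
    if not match:
        return None
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


def is_pre_fix(version: Tuple[int, int, int]) -> bool:
    """Numeric tuple comparison; avoids treating '1.4.5' and '1.4.50' as neighbours."""
    return version < FIXED_VERSION


def find_pre_fix_lighttpd(services: List[dict]) -> Tuple[List[dict], List[dict]]:
    """Split lighttpd services into (older than 1.4.51, version unknown).

    Non-lighttpd services are ignored. Unknown-version entries are returned
    separately so they can be reviewed rather than assumed safe.
    """
    flagged, unknown = [], []
    for svc in services:
        if not svc["product"].startswith("lighttpd:"):
            continue
        version = parse_lighttpd_version(svc["product"])
        if version is None:
            unknown.append(svc)
        elif is_pre_fix(version):
            flagged.append(svc)
    return flagged, unknown


if __name__ == "__main__":
    old, unverified = find_pre_fix_lighttpd(SAMPLE_SERVICES)
    for svc in old:
        print(f"pre-1.4.51 lighttpd: {svc['host']}:{svc['port']} ({svc['product']})")
    for svc in unverified:
        print(f"version unknown, review manually: {svc['host']}:{svc['port']}")
```

Run against a real export, the "version unknown" bucket is the one worth a second look: BMC web interfaces frequently omit or rewrite the version in their Server header, so a clean result from a version-based query alone does not establish that a management interface is patched.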

*** This is a Security Bloggers Network syndicated blog from runZero Blog authored by Blain Smith. Read the original post at: https://www.runzero.com/blog/lighttpd/


Article source: https://securityboulevard.com/2024/04/how-to-find-ami-megarac-bmcs-running-lighttpd-with-runzero/