Added link to exact commit. Corrected the explanation of the mitigation: read only by the user was corrected to read write only by the user. The chmod command was correct.
OpenBMC Security Advisory
Title: CVE-2020-14156. Network IPMI before 2020-04-03 does not ensure the /etc/ipmi_pass file has strong file permissions.
The /etc/ipmi_pass file was created with world-readable permission. Any user with SSH or SCP access to the BMC can read and decode the credentials and escalate to any IPMI user.
A mitigation is to log into the BMC as the root user and change the file permission to 600 (read write only by the owner): chmod 600 /etc/ipmi_pass.
The fix is in openbmc/phosphor-host-ipmid commit b265455a2518ece7c004b43c144199ec980fc620, here: openbmc/phosphor-host-ipmid@b265455
For more information, see OpenBMC contact information at
https://github.com/openbmc/openbmc file README.md.
Credit for finding this problem: Michael Henry, Intel Corporation
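The mitigation above as a repeatable check, added here as an example and not taken from the advisory or from OpenBMC code: it reports the current mode of the credential file, applies chmod 600 only when group or other bits are set, and verifies the result. The function names and return codes are assumptions of this example; stat -c is the GNU coreutils and BusyBox form.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of the IPMI credential file.
# The default path is the one named in the advisory; override it for testing.
IPMI_PASS_FILE="${IPMI_PASS_FILE:-/etc/ipmi_pass}"

# Print the octal permission bits of a file, e.g. 644.
file_mode() {
    stat -c '%a' "$1"
}

# Succeed only if no group or other permission bit is set.
is_owner_only() {
    mode=$(file_mode "$1") || return 2
    # Leading 0 makes the shell read the mode as octal; 077 masks group/other.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Check the file, apply chmod 600 if needed, then re-verify.
# Returns: 0 already owner-only, 1 was exposed and is now fixed,
#          2 missing or not a regular file, 3 fix failed.
harden_secret_file() {
    f="$1"
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "$f: missing or not a regular file" >&2
        return 2
    fi
    if is_owner_only "$f"; then
        echo "$f: mode $(file_mode "$f"), ok"
        return 0
    fi
    old=$(file_mode "$f")
    chmod 600 "$f" || return 3
    is_owner_only "$f" || return 3
    echo "$f: mode was $old, now $(file_mode "$f")"
    return 1
}

# On the BMC, as root:
#   harden_secret_file "$IPMI_PASS_FILE"
```

A return code of 1 means the file was readable by other users before the change.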