
Security Advisory for CVE-2020-14156 - Network IPMI file permissions #3670

Closed
joseph-reynolds opened this issue Jun 15, 2020 · 2 comments

@joseph-reynolds
Contributor

joseph-reynolds commented Jun 15, 2020

OpenBMC Security Advisory

Title: CVE-2020-14156. Network IPMI before 2020-04-03 does not ensure the /etc/ipmi_pass file has strong file permissions.

The /etc/ipmi_pass file was created with world-readable permission. Any user with SSH or SCP access to the BMC can read and decode the credentials and escalate to any IPMI user.

A mitigation is to log into the BMC as the root user and change the file permission to 600 (read/write only by the owner): `chmod 600 /etc/ipmi_pass`.

The fix is in openbmc/phosphor-host-ipmid commit b265455a2518ece7c004b43c144199ec980fc620, here: openbmc/phosphor-host-ipmid@b265455

For more information, see OpenBMC contact information at
https://github.com/openbmc/openbmc file README.md.

Credit for finding this problem: Michael Henry, Intel Corporation
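A check-and-repair script for the mitigation described above, added here as an example; it is not code from the advisory, from phosphor-host-ipmid, or from the OpenPOWER fixup service mentioned later in this thread. It assumes a Linux BMC whose `stat` (GNU or BusyBox) accepts `-c '%a'`; the path `/etc/ipmi_pass` comes from the advisory, and the demo runs against a constructed temporary file rather than the real credential store.

```shell
#!/bin/sh
# Added example (not from the advisory or from phosphor-host-ipmid):
# detect an over-permissive IPMI password file and apply the advisory's
# mitigation (chmod 600). Assumes GNU/BusyBox stat with -c '%a'.

# Print the octal mode of a file, e.g. 644 or 600.
file_mode() {
    stat -c '%a' "$1"
}

# Return 0 (true) when group or "other" have any permission bits set,
# i.e. the file is readable by someone other than its owner.
is_group_or_world_accessible() {
    mode=$(file_mode "$1")
    # The last two octal digits are the group and other permission bits.
    last_two=$(printf '%s' "$mode" | tail -c 2)
    [ "$last_two" != "00" ]
}

# Apply the mitigation from the advisory: chmod 600 (owner read/write only).
# Defaults to /etc/ipmi_pass; a path argument overrides it for testing.
# Returns 0 if the mode was tightened, 1 if it was already strict.
fixup_ipmi_pass() {
    f="${1:-/etc/ipmi_pass}"
    before=$(file_mode "$f")
    if is_group_or_world_accessible "$f"; then
        chmod 600 "$f"
        echo "fixed: $f was mode $before, now $(file_mode "$f")"
        return 0
    fi
    echo "ok: $f already mode $before"
    return 1
}

# Demonstration on a constructed file, not the BMC's real credential store.
demo() {
    tmp=$(mktemp)
    printf 'constructed-credential-blob\n' > "$tmp"
    chmod 644 "$tmp"   # reproduce the world-readable mode the advisory describes
    fixup_ipmi_pass "$tmp" || true
    fixup_ipmi_pass "$tmp" || true   # second run reports the file is already strict
    rm -f "$tmp"
}

case "${1:-}" in
    demo) demo ;;
esac
```

Run it as `sh fixup_ipmi_pass.sh demo` to see the detection and repair on the constructed file; calling `fixup_ipmi_pass` with no argument (as root on the BMC) targets `/etc/ipmi_pass` itself. The check looks at the group and other bits rather than only the "other" bits, because a credential file that any non-root group member can read is still a problem.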

@joseph-reynolds joseph-reynolds self-assigned this Jun 15, 2020
@joseph-reynolds joseph-reynolds changed the title Reserved for bug report Security Advisory for CVE-2020-14156 - Network IPMI file permissions Jun 15, 2020
@joseph-reynolds
Contributor Author

Added link to exact commit. Corrected the explanation of the mitigation: read only by the user was corrected to read write only by the user. The chmod command was correct.

@joseph-reynolds
Contributor Author

On OpenPOWER systems, you may see a service "Fixup IPMI file modes" to mitigate this problem.
