CWE
119
Advisory Published
Updated

CVE-2013-3607: Buffer Overflow

First published: Sun Sep 08 2013(Updated: )

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

Credit: cret@cert.org

Affected SoftwareAffected VersionHow to fix
Supermicro H8dcl-6f
Supermicro H8dcl-if
Supermicro H8dct-hibqf
Supermicro H8dct-hln4f
Supermicro H8dct-ibqf
Supermicro H8dg6-f
Supermicro H8dgg-qf
Supermicro H8dgi-f
Supermicro H8dgt-hf
Supermicro H8dgt-hibqf
Supermicro H8dgt-hlf
Supermicro H8dgt-hlibqf
Supermicro H8dgu-f
Supermicro H8dgu-ln4f\+
Supermicro H8scm-f
Supermicro H8sgl-f
Supermicro H8sme-f
Supermicro H8sml-7
Supermicro H8sml-7f
Supermicro H8sml-i
Supermicro H8sml-if
Supermicro X7spa-hf
Supermicro X7spa-hf-d525
Supermicro X7spe-h-d525
Supermicro X7spe-hf
Supermicro X7spe-hf-d525
Supermicro X7spt-df-d525
Supermicro X7spt-df-d525\+
Supermicro X8dtl-3f
Supermicro X8dtl-6f
Supermicro X8dtl-if
Supermicro X8dtn\+-f
Supermicro X8dtn\+-f-lr
Supermicro X8dtu-6f\+
Supermicro X8dtu-6f\+-lr
Supermicro X8dtu-6tf\+
Supermicro X8dtu-6tf\+-lr
Supermicro X8dtu-ln4f\+
Supermicro X8dtu-ln4f\+-lr
Supermicro X8si6-f
Supermicro X8sia-f
Supermicro X8sie-f
Supermicro X8sie-ln4f
Supermicro X8sil-f
Supermicro X8sit-f
Supermicro X8sit-hf
Supermicro X8siu-f
Supermicro X9dax-7f
Supermicro X9dax-7f-hft
Supermicro X9dax-7tf
Supermicro X9dax-if
Supermicro X9dax-if-hft
Supermicro X9dax-itf
Supermicro X9db3-f
Supermicro X9db3-tpf
Supermicro X9dbi-f
Supermicro X9dbi-tpf
Supermicro X9dbl-3f
Supermicro X9dbl-if
Supermicro X9dbu-3f
Supermicro X9dbu-if
Supermicro X9dr3-f
Supermicro X9dr3-ln4f\+
Supermicro X9dr7-ln4f
Supermicro X9dr7-ln4f-jbod
Supermicro X9dr7-tf\+
Supermicro X9drd-7jln4f
Supermicro X9drd-7ln4f
Supermicro X9drd-7ln4f-jbod
Supermicro X9drd-ef
Supermicro X9drd-if
Supermicro X9dre-ln4f
Supermicro X9dre-tf\+
Supermicro X9drff
Supermicro X9drff-7
Supermicro X9drff-7\+
Supermicro X9drff-7g\+
Supermicro X9drff-7t\+
Supermicro X9drff-7tg\+
Supermicro X9drff-i\+
Supermicro X9drff-ig\+
Supermicro X9drff-it\+
Supermicro X9drff-itg\+
Supermicro X9drfr
Supermicro X9drg-hf
Supermicro X9drg-hf\+
Supermicro X9drg-htf
Supermicro X9drg-htf\+
Supermicro X9drh-7f
Supermicro X9drh-7tf
Supermicro X9drh-if
Supermicro X9drh-itf
Supermicro X9dri-f
Supermicro X9dri-ln4f\+
Supermicro X9drl-3f
Supermicro X9drl-ef
Supermicro X9drl-if
Supermicro X9drt-f
Supermicro X9drt-h6f
Supermicro X9drt-h6ibff
Supermicro X9drt-h6ibqf
Supermicro X9drt-hf\+
Supermicro X9drt-ibff
Supermicro X9drt-ibqf
Supermicro X9drw-3ln4f\+
Supermicro X9drw-3tf\+
Supermicro X9drw-7tpf\+
Supermicro X9drw-itpf\+
Supermicro X9drx\+-f
Supermicro X9qr7-tf
Supermicro X9qr7-tf\+
Supermicro X9qr7-tf-jbod
Supermicro X9qri-f
Supermicro X9qri-f\+
Supermicro X9sbaa-f
Supermicro X9sca-f
Supermicro X9scd-f
Supermicro X9sce-f
Supermicro X9scff-f
Supermicro X9sci-ln4f
Supermicro X9scl\+-f
Supermicro X9scl-f
Supermicro X9scm-f
Supermicro X9scm-iif
Supermicro X9spu-f
Supermicro X9srd-f
Supermicro X9sre-3f
Supermicro X9sre-f
Supermicro X9srg-f
Supermicro X9sri-3f
Supermicro X9sri-f
Supermicro X9srl-f
Supermicro X9srw-f

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203