First published: Sun Sep 08 2013(Updated: )
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Supermicro H8dcl-6f | ||
Supermicro H8dcl-if | ||
Supermicro H8dct-hibqf | ||
Supermicro H8dct-hln4f | ||
Supermicro H8dct-ibqf | ||
Supermicro H8dg6-f | ||
Supermicro H8dgg-qf | ||
Supermicro H8dgi-f | ||
Supermicro H8dgt-hf | ||
Supermicro H8dgt-hibqf | ||
Supermicro H8dgt-hlf | ||
Supermicro H8dgt-hlibqf | ||
Supermicro H8dgu-f | ||
Supermicro H8dgu-ln4f\+ | ||
Supermicro H8scm-f | ||
Supermicro H8sgl-f | ||
Supermicro H8sme-f | ||
Supermicro H8sml-7 | ||
Supermicro H8sml-7f | ||
Supermicro H8sml-i | ||
Supermicro H8sml-if | ||
Supermicro X7spa-hf | ||
Supermicro X7spa-hf-d525 | ||
Supermicro X7spe-h-d525 | ||
Supermicro X7spe-hf | ||
Supermicro X7spe-hf-d525 | ||
Supermicro X7spt-df-d525 | ||
Supermicro X7spt-df-d525\+ | ||
Supermicro X8dtl-3f | ||
Supermicro X8dtl-6f | ||
Supermicro X8dtl-if | ||
Supermicro X8dtn\+-f | ||
Supermicro X8dtn\+-f-lr | ||
Supermicro X8dtu-6f\+ | ||
Supermicro X8dtu-6f\+-lr | ||
Supermicro X8dtu-6tf\+ | ||
Supermicro X8dtu-6tf\+-lr | ||
Supermicro X8dtu-ln4f\+ | ||
Supermicro X8dtu-ln4f\+-lr | ||
Supermicro X8si6-f | ||
Supermicro X8sia-f | ||
Supermicro X8sie-f | ||
Supermicro X8sie-ln4f | ||
Supermicro X8sil-f | ||
Supermicro X8sit-f | ||
Supermicro X8sit-hf | ||
Supermicro X8siu-f | ||
Supermicro X9dax-7f | ||
Supermicro X9dax-7f-hft | ||
Supermicro X9dax-7tf | ||
Supermicro X9dax-if | ||
Supermicro X9dax-if-hft | ||
Supermicro X9dax-itf | ||
Supermicro X9db3-f | ||
Supermicro X9db3-tpf | ||
Supermicro X9dbi-f | ||
Supermicro X9dbi-tpf | ||
Supermicro X9dbl-3f | ||
Supermicro X9dbl-if | ||
Supermicro X9dbu-3f | ||
Supermicro X9dbu-if | ||
Supermicro X9dr3-f | ||
Supermicro X9dr3-ln4f\+ | ||
Supermicro X9dr7-ln4f | ||
Supermicro X9dr7-ln4f-jbod | ||
Supermicro X9dr7-tf\+ | ||
Supermicro X9drd-7jln4f | ||
Supermicro X9drd-7ln4f | ||
Supermicro X9drd-7ln4f-jbod | ||
Supermicro X9drd-ef | ||
Supermicro X9drd-if | ||
Supermicro X9dre-ln4f | ||
Supermicro X9dre-tf\+ | ||
Supermicro X9drff | ||
Supermicro X9drff-7 | ||
Supermicro X9drff-7\+ | ||
Supermicro X9drff-7g\+ | ||
Supermicro X9drff-7t\+ | ||
Supermicro X9drff-7tg\+ | ||
Supermicro X9drff-i\+ | ||
Supermicro X9drff-ig\+ | ||
Supermicro X9drff-it\+ | ||
Supermicro X9drff-itg\+ | ||
Supermicro X9drfr | ||
Supermicro X9drg-hf | ||
Supermicro X9drg-hf\+ | ||
Supermicro X9drg-htf | ||
Supermicro X9drg-htf\+ | ||
Supermicro X9drh-7f | ||
Supermicro X9drh-7tf | ||
Supermicro X9drh-if | ||
Supermicro X9drh-itf | ||
Supermicro X9dri-f | ||
Supermicro X9dri-ln4f\+ | ||
Supermicro X9drl-3f | ||
Supermicro X9drl-ef | ||
Supermicro X9drl-if | ||
Supermicro X9drt-f | ||
Supermicro X9drt-h6f | ||
Supermicro X9drt-h6ibff | ||
Supermicro X9drt-h6ibqf | ||
Supermicro X9drt-hf\+ | ||
Supermicro X9drt-ibff | ||
Supermicro X9drt-ibqf | ||
Supermicro X9drw-3ln4f\+ | ||
Supermicro X9drw-3tf\+ | ||
Supermicro X9drw-7tpf\+ | ||
Supermicro X9drw-itpf\+ | ||
Supermicro X9drx\+-f | ||
Supermicro X9qr7-tf | ||
Supermicro X9qr7-tf\+ | ||
Supermicro X9qr7-tf-jbod | ||
Supermicro X9qri-f | ||
Supermicro X9qri-f\+ | ||
Supermicro X9sbaa-f | ||
Supermicro X9sca-f | ||
Supermicro X9scd-f | ||
Supermicro X9sce-f | ||
Supermicro X9scff-f | ||
Supermicro X9sci-ln4f | ||
Supermicro X9scl\+-f | ||
Supermicro X9scl-f | ||
Supermicro X9scm-f | ||
Supermicro X9scm-iif | ||
Supermicro X9spu-f | ||
Supermicro X9srd-f | ||
Supermicro X9sre-3f | ||
Supermicro X9sre-f | ||
Supermicro X9srg-f | ||
Supermicro X9sri-3f | ||
Supermicro X9sri-f | ||
Supermicro X9srl-f | ||
Supermicro X9srw-f |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.