A series of vulnerabilities in AMI MegaRAC could leave servers unusable

AMI BMC

These vulnerabilities pose a significant risk to the technology supply chain that underpins cloud computing.

Recently, Eclypsium researchers disclosed in a blog post that they had identified a series of vulnerabilities in BMC controllers running American Megatrends (AMI) MegaRAC firmware, which many server manufacturers use to provide autonomous hardware management.

For those unfamiliar with BMCs: a BMC is a specialised controller installed in servers, with its own CPU, memory, storage and sensor-polling interfaces, which provides a low-level interface for monitoring and managing the server hardware.

Since the equipment deployed in data centres is usually homogeneous, an attack through the BMC can spread immediately to every server in the data centre once a single system has been compromised. The vulnerabilities can also be used to attack cloud providers or virtualisation systems from guest systems.

Regarding the vulnerabilities, it is mentioned that they allow an unauthenticated attacker to gain access to the BMC control environment and run their code at firmware level by sending specially crafted requests to the HTTP port of the Redfish management interface.

The problem with this is that, as a general rule, access to the BMC is opened only to the local network or the data centre network, but it also happens that it is not closed to access from the global network. Vulnerabilities in the BMC can also be exploited after gaining access to the local operating system in order to compromise the machine.

It is mentioned that attackers gaining access to the BMC software environment, which operates independently of the operating system running on the server, makes possible attack scenarios such as replacing the firmware, remotely booting their own system over the network, compromising remote management (for example, monitoring administrative activity on the system and substituting input and output), causing hardware failure (for example, by raising the voltage supplied to the processor or "bricking" the firmware), forcing interruptions of operation (triggering reboots and power cuts), and using the BMC environment as a springboard for attacks on other systems.

Regarding the identified vulnerabilities, it is mentioned that the most significant are:

  • CVE-2023-34329: this is an authentication bypass vulnerability through spoofing of HTTP headers when sending requests to the Redfish web interface. The crux of the vulnerability is that Redfish supports two authentication modes: "Basic Auth" when accessing from outside and "No Auth" when accessing from internal IP addresses or the USB0 interface. On firmware with "No Auth" mode enabled, an attacker can abuse this mode by changing HTTP headers when accessing the API from an external network. For example, an unauthenticated attacker could use the API to create a new account and then use it to gain full access to the Redfish interface.
  • CVE-2023-34330: this is a code substitution vulnerability through the Redfish Dynamic Extension interface. AMI's Redfish implementation has a debugging feature for firmware developers that allows code to be executed in the BMC environment by sending specially crafted HTTP POST requests. For some reason, this debugging feature was not disabled in production firmware when handling requests from the local system. Using "No Auth" mode, an attacker on the local system can execute arbitrary code at the level of the BMC chip without going through authentication.
  • Combined with CVE-2023-34329, the issue allows a remote attacker who can send network requests to the HTTP port of the BMC management interface to impersonate requests sent from the internal network and execute arbitrary code at the BMC firmware level.
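As an added example (not code from the article or from Eclypsium), the following Python audit function checks a BMC's standard Redfish account collection for two symptoms of the CVE-2023-34329 issue described above: the collection answering without credentials, which indicates that "No Auth" behaviour is reachable by the caller, and accounts that are not on the operator's known-good list, the trace left by the account-creation step. The BMC address, the credentials and the known-good list are assumptions; the Redfish paths are the standard ones.

```python
"""Defender-side Redfish audit (added example, not from the article or Eclypsium).
Checks two symptoms tied to CVE-2023-34329 as described above: the account
collection readable without credentials, and accounts not on a known-good list."""
import base64
import json
import ssl
import urllib.request
from urllib.error import HTTPError

ACCOUNTS_PATH = "/redfish/v1/AccountService/Accounts"  # standard Redfish path


def basic_auth_header(user, password):
    """Basic Auth header, the external-access mode the article describes."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def http_fetch(base_url, path, headers):
    """GET base_url + path; return (HTTP status, parsed JSON body or None)."""
    req = urllib.request.Request(base_url + path,
                                 headers={"Accept": "application/json", **headers})
    try:
        with urllib.request.urlopen(req, context=ssl.create_default_context(),
                                    timeout=10) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:
        return err.code, None


def audit_bmc(base_url, known_accounts, creds=None, fetch=http_fetch):
    """Return findings (empty list = nothing suspicious).
    base_url: assumed BMC address; known_accounts: user names expected to exist;
    creds: optional (user, password), used only when the BMC enforces auth;
    fetch: injectable transport so the logic can be exercised offline."""
    findings = []
    auth = {}
    status, body = fetch(base_url, ACCOUNTS_PATH, auth)  # deliberately unauthenticated
    if status == 200:
        findings.append(f"{ACCOUNTS_PATH} readable without credentials (No Auth exposed)")
    elif creds:
        auth = basic_auth_header(*creds)
        status, body = fetch(base_url, ACCOUNTS_PATH, auth)
    if status != 200 or body is None:
        return findings
    for member in body.get("Members", []):  # Redfish collections link each account
        link = member.get("@odata.id", "")
        mstatus, acct = fetch(base_url, link, auth)
        name = (acct or {}).get("UserName", "")
        if mstatus == 200 and name and name not in known_accounts:
            findings.append(f"unexpected account {name!r} at {link}")
    return findings
```

BMCs commonly present self-signed certificates; pass an `ssl` context that trusts the BMC's CA rather than disabling verification.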

Finally, it is worth mentioning that the problems have been fixed in recent firmware updates. Those interested in learning more can check the details at the following link.

