Home / mailings APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update
Posted on 31 May 2007
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2007-05-31 Xserve Lights-Out Management Firmware Update 1.0
Xserve Lights-Out Management Firmware Update 1.0 is now available.
Along with functionality improvements (see release notes), it also
addresses the following security issue:
Xserve Lights-Out Management Firmware
CVE-ID: CVE-2007-2387
Available for: Intel-based Xserve systems
Impact: A remote user may be able to gain admin privileges on an
Xserve system with IPMI configured in a particular manner
Description: A security vulnerability in Apple's implementation of
IPMI may allow an unprivileged ipmitool user to gain administrative
privileges on an Xserve system. This update addresses the issue by
requiring a password for remote usage of IPMI. This issue only
affects Intel-based Xserve systems. Credit to James Wilson of
LithiumCorp for reporting this issue.
Xserve Lights-Out Management Firmware Update 1.0 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/
The download file is named: "LOMUpdate.dmg"
Its SHA-1 digest is: ee757ce005e627872535eb2a707785f556d636a7
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
