Apple’s released the ever so exciting and intriguing Xserve Lights Out Management update. It slices, it dices, and this new firmware enhances the reliability of the monitoring and management features of your Xserve.
But wait, there’s more. It also addresses a security issue.
Xserve Lights-Out Management Firmware
CVE-ID: CVE-2007-2387
Available for: Intel-based Xserve systems
Impact: A remote user may be able to gain admin privileges on an Xserve system with IPMI configured in a particular manner
Description: A security vulnerability in Apple’s implementation of IPMI may allow an unprivileged ipmitool user to gain administrative privileges on an Xserve system. This update addresses the issue by requiring a password for remote usage of IPMI. This issue only affects Intel-based Xserve systems. Credit to James Wilson of LithiumCorp for reporting this issue.
Sounds like a good thing to fix. I think.