CVE-2013-3607 Information

Description

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

Reference

http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62094
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
