Summary
Reference
Document ID: KM02992237 (c01037314)
Version: 1
Release Date: 2004-04-05
Last Updated: 2007-04-25
Potential Security Impact: Remote unauthorized access to offline utilities
Source: Hewlett Packard Enterprise, HPE Product Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP Carrier Grade Servers resulting in remote unauthorized access to certain offline utilities.
References: Intel Action Alert AA-679-1
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP systems that are impacted:
· hp carrier grade server cc2300 - A6898A, A6899A
· hp carrier grade server cc3300 - A6900A, A6901A
· hp carrier grade server cc3310 - A9862A, A9863A
BACKGROUND
Intel has notified HP and other computer manufacturers of an issue with four Intel® server setup utilities per Intel Action Alert AA-679-1:
· System Setup Utility (SSU)
· Client System Setup Utility (CSSU)
· Server Configuration Wizard (SCW)
· CLI Auto-configuration Utility
An invalid firmware setting is present after using Intel server setup utilities to configure LAN management. This issue has the potential to affect system security, resulting in unauthorized access to certain offline utilities. If LAN Management is not enabled, the system will not be affected by this issue.
The problem has not been reported by any HP customers. However, because Intel is strongly committed to delivering high quality products, it has developed a utility to correct the invalid firmware settings. The BmcLanFix utility and instructions are listed at the following Intel web site: http://support.intel.com/support/motherboards/server/sb/CS-010422.htm
HP and Intel strongly recommend that customers who enable LAN management download the BmcLanFix utility and run it to correct the invalid configuration on servers that have IPMI based LAN management enabled. This utility must be run whenever enabling LAN Management. Additionally, the utility must be reapplied whenever the configuration is saved while LAN Management is enabled.
If you have questions or require help, please contact your local HP support representative or sales office. We appreciate your business and look forward to serving your future computing needs.
Regards,
Hewlett-Packard Company
RESOLUTION
HP and Intel strongly recommend that customers who enable LAN management download the BmcLanFix utility and run it to correct the invalid configuration on servers that have IPMI based LAN management enabled. This utility must be run whenever enabling LAN Management. Additionally, the utility must be reapplied whenever the configuration is saved while LAN Management is enabled.
The BmcLanFix utility and instructions are listed at the following Intel web site: http://support.intel.com/support/motherboards/server/sb/CS-010422.htm
HISTORY
Revision: 0 (rev.0) - 5 April 2004 Initial release
Version: 1 (rev.1) - Skipped for formatting reasons
Version: 2 (rev.2) - 26 April 2007 Reformatted
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."