ID CVE-2013-3607
Summary Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
References
Vulnerable Configurations
  • SuperMicro H8DCL-6F
    cpe:2.3:h:supermicro:h8dcl-6f
  • SuperMicro H8DCL-IF
    cpe:2.3:h:supermicro:h8dcl-if
  • SuperMicro H8DCT-HIBQF
    cpe:2.3:h:supermicro:h8dct-hibqf
  • SuperMicro H8DCT-HLN4F
    cpe:2.3:h:supermicro:h8dct-hln4f
  • SuperMicro H8DCT-IBQF
    cpe:2.3:h:supermicro:h8dct-ibqf
  • SuperMicro H8DG6-F
    cpe:2.3:h:supermicro:h8dg6-f
  • SuperMicro H8DGG-QF
    cpe:2.3:h:supermicro:h8dgg-qf
  • SuperMicro H8DGI-F
    cpe:2.3:h:supermicro:h8dgi-f
  • SuperMicro H8DGT-HF
    cpe:2.3:h:supermicro:h8dgt-hf
  • SuperMicro H8DGT-HIBQF
    cpe:2.3:h:supermicro:h8dgt-hibqf
  • SuperMicro H8DGT-HLF
    cpe:2.3:h:supermicro:h8dgt-hlf
  • SuperMicro H8DGT-HLIBQF
    cpe:2.3:h:supermicro:h8dgt-hlibqf
  • SuperMicro H8DGU-F
    cpe:2.3:h:supermicro:h8dgu-f
  • SuperMicro H8DGU-LN4F+
    cpe:2.3:h:supermicro:h8dgu-ln4f%2b
  • SuperMicro H8SCM-F
    cpe:2.3:h:supermicro:h8scm-f
  • SuperMicro H8SQL-F
    cpe:2.3:h:supermicro:h8sgl-f
  • SuperMicro H8SME-F
    cpe:2.3:h:supermicro:h8sme-f
  • SuperMicro H8SML-7
    cpe:2.3:h:supermicro:h8sml-7
  • SuperMicro H8SML-7F
    cpe:2.3:h:supermicro:h8sml-7f
  • SuperMicro H8SML-I
    cpe:2.3:h:supermicro:h8sml-i
  • SuperMicro H8SML-IF
    cpe:2.3:h:supermicro:h8sml-if
  • SuperMicro X7SPA-HF
    cpe:2.3:h:supermicro:x7spa-hf
  • SuperMicro X7SPA-HF-525
    cpe:2.3:h:supermicro:x7spa-hf-d525
  • SuperMicro X7SPE-H-D525
    cpe:2.3:h:supermicro:x7spe-h-d525
  • SuperMicro X7SPE-HF
    cpe:2.3:h:supermicro:x7spe-hf
  • SuperMicro X7SPE-HF-D525
    cpe:2.3:h:supermicro:x7spe-hf-d525
  • SuperMicro X7SPT-DF-D525
    cpe:2.3:h:supermicro:x7spt-df-d525
  • SuperMicro X7SPT-DF-D525+
    cpe:2.3:h:supermicro:x7spt-df-d525%2b
  • SuperMicro X8DTL-3F
    cpe:2.3:h:supermicro:x8dtl-3f
  • SuperMicro X8DTL-6F
    cpe:2.3:h:supermicro:x8dtl-6f
  • SuperMicro X8DTL-IF
    cpe:2.3:h:supermicro:x8dtl-if
  • SuperMicro X8DTN+-F
    cpe:2.3:h:supermicro:x8dtn%2b-f
  • SuperMicro X8DTN+-F-LR
    cpe:2.3:h:supermicro:x8dtn%2b-f-lr
  • SuperMicro X8DTU-6+
    cpe:2.3:h:supermicro:x8dtu-6f%2b
  • SuperMicro X8DTU-6+-LR
    cpe:2.3:h:supermicro:x8dtu-6f%2b-lr
  • SuperMicro X8DTU-6TF+
    cpe:2.3:h:supermicro:x8dtu-6tf%2b
  • SuperMicro X8DTU-6TF+-LR
    cpe:2.3:h:supermicro:x8dtu-6tf%2b-lr
  • SuperMicro X8DTU-LNF+
    cpe:2.3:h:supermicro:x8dtu-ln4f%2b
  • SuperMicro X8DTU-LN4F+-LR
    cpe:2.3:h:supermicro:x8dtu-ln4f%2b-lr
  • SuperMicro X8SI6-F
    cpe:2.3:h:supermicro:x8si6-f
  • SuperMicro X8SIA-F
    cpe:2.3:h:supermicro:x8sia-f
  • SuperMicro X8SIE-F
    cpe:2.3:h:supermicro:x8sie-f
  • SuperMicro X8SIE-LN4F
    cpe:2.3:h:supermicro:x8sie-ln4f
  • SuperMicro X8SIL-T
    cpe:2.3:h:supermicro:x8sil-f
  • SuperMicro X8SIT-F
    cpe:2.3:h:supermicro:x8sit-f
  • SuperMicro X8SIT-HF
    cpe:2.3:h:supermicro:x8sit-hf
  • SuperMicro X8SIU-F
    cpe:2.3:h:supermicro:x8siu-f
  • SuperMicro X9DAX-7F
    cpe:2.3:h:supermicro:x9dax-7f
  • SuperMicro X9DAX-7F-HFT
    cpe:2.3:h:supermicro:x9dax-7f-hft
  • SuperMicro X9DAX-7TF
    cpe:2.3:h:supermicro:x9dax-7tf
  • SuperMicro X9DAX-IF
    cpe:2.3:h:supermicro:x9dax-if
  • SuperMicro X9DAX-IF-HFT
    cpe:2.3:h:supermicro:x9dax-if-hft
  • SuperMicro X9DAX-ITF
    cpe:2.3:h:supermicro:x9dax-itf
  • SuperMicro X9DB3-F
    cpe:2.3:h:supermicro:x9db3-f
  • SuperMicro X9DB3-TPF
    cpe:2.3:h:supermicro:x9db3-tpf
  • SuperMicro X9DBI-F
    cpe:2.3:h:supermicro:x9dbi-f
  • SuperMicro X9DBI-TPF
    cpe:2.3:h:supermicro:x9dbi-tpf
  • SuperMicro X9DBL-3F
    cpe:2.3:h:supermicro:x9dbl-3f
  • SuperMicro X9DBL-IF
    cpe:2.3:h:supermicro:x9dbl-if
  • SuperMicro X9DBU-3F
    cpe:2.3:h:supermicro:x9dbu-3f
  • SuperMicro X9DBU-IF
    cpe:2.3:h:supermicro:x9dbu-if
  • SuperMicro X9DR3-F
    cpe:2.3:h:supermicro:x9dr3-f
  • SuperMicro X9DR3-LN4F+
    cpe:2.3:h:supermicro:x9dr3-ln4f%2b
  • SuperMicro X9DR7-LN4F
    cpe:2.3:h:supermicro:x9dr7-ln4f
  • SuperMicro X9DR7-LN4F-JBOD
    cpe:2.3:h:supermicro:x9dr7-ln4f-jbod
  • SuperMicro X9DR7-TF+
    cpe:2.3:h:supermicro:x9dr7-tf%2b
  • SuperMicro X9DRD-7JLN4F
    cpe:2.3:h:supermicro:x9drd-7jln4f
  • SuperMicro X9DRD-7LN4F
    cpe:2.3:h:supermicro:x9drd-7ln4f
  • SuperMicro X9DRD-7LN4F-JBOD
    cpe:2.3:h:supermicro:x9drd-7ln4f-jbod
  • SuperMicro X9DRD-EF
    cpe:2.3:h:supermicro:x9drd-ef
  • SuperMicro X9DRD-IF
    cpe:2.3:h:supermicro:x9drd-if
  • SuperMicro X9DRE-LN4F
    cpe:2.3:h:supermicro:x9dre-ln4f
  • SuperMicro X9DRE-TF+
    cpe:2.3:h:supermicro:x9dre-tf%2b
  • SuperMicro X9DRFF
    cpe:2.3:h:supermicro:x9drff
  • SuperMicro X9DRFF-7
    cpe:2.3:h:supermicro:x9drff-7
  • SuperMicro X9DRFF-7+
    cpe:2.3:h:supermicro:x9drff-7%2b
  • SuperMicro X9DRFF-7G+
    cpe:2.3:h:supermicro:x9drff-7g%2b
  • SuperMicro X9DRFF-7T+
    cpe:2.3:h:supermicro:x9drff-7t%2b
  • SuperMicro X9DRFF-7TG+
    cpe:2.3:h:supermicro:x9drff-7tg%2b
  • SuperMicro X9DRFF-I+
    cpe:2.3:h:supermicro:x9drff-i%2b
  • SuperMicro X9DRFF-IG+
    cpe:2.3:h:supermicro:x9drff-ig%2b
  • SuperMicro X9DRFF-IT+
    cpe:2.3:h:supermicro:x9drff-it%2b
  • SuperMicro X9DRFF-ITG+
    cpe:2.3:h:supermicro:x9drff-itg%2b
  • SuperMicro X9DRFR
    cpe:2.3:h:supermicro:x9drfr
  • SuperMicro X9DRG-HF
    cpe:2.3:h:supermicro:x9drg-hf
  • SuperMicro X9DRG-HF+
    cpe:2.3:h:supermicro:x9drg-hf%2b
  • SuperMicro X9DRG-HTF
    cpe:2.3:h:supermicro:x9drg-htf
  • SuperMicro X9DRG-HTF+
    cpe:2.3:h:supermicro:x9drg-htf%2b
  • SuperMicro X9DRH-7F
    cpe:2.3:h:supermicro:x9drh-7f
  • SuperMicro X9DRH-7TF
    cpe:2.3:h:supermicro:x9drh-7tf
  • SuperMicro X9DRH-IF
    cpe:2.3:h:supermicro:x9drh-if
  • SuperMicro X9DRH-ITF
    cpe:2.3:h:supermicro:x9drh-itf
  • SuperMicro X9DRI-F
    cpe:2.3:h:supermicro:x9dri-f
  • SuperMicro X9DRI-LN4F+
    cpe:2.3:h:supermicro:x9dri-ln4f%2b
  • SuperMicro X9DRL-3F
    cpe:2.3:h:supermicro:x9drl-3f
  • SuperMicro X9DRL-EF
    cpe:2.3:h:supermicro:x9drl-ef
  • SuperMicro X9DRL-IF
    cpe:2.3:h:supermicro:x9drl-if
  • SuperMicro X9DRT-F
    cpe:2.3:h:supermicro:x9drt-f
  • SuperMicro X9DRT-H6F
    cpe:2.3:h:supermicro:x9drt-h6f
  • SuperMicro X9DRT-H6IBFF
    cpe:2.3:h:supermicro:x9drt-h6ibff
  • SuperMicro X9DRT-H6IBQF
    cpe:2.3:h:supermicro:x9drt-h6ibqf
  • SuperMicro X9DRT-HF+
    cpe:2.3:h:supermicro:x9drt-hf%2b
  • SuperMicro X9DRT-IBFF
    cpe:2.3:h:supermicro:x9drt-ibff
  • SuperMicro X9DRT-IBQF
    cpe:2.3:h:supermicro:x9drt-ibqf
  • SuperMicro X9DRW-3LN4+
    cpe:2.3:h:supermicro:x9drw-3ln4f%2b
  • SuperMicro X9DRW-3TF+
    cpe:2.3:h:supermicro:x9drw-3tf%2b
  • SuperMicro X9DRW-7TPF+
    cpe:2.3:h:supermicro:x9drw-7tpf%2b
  • SuperMicro X9DRW-ITPF+
    cpe:2.3:h:supermicro:x9drw-itpf%2b
  • SuperMicro X9DRX+-F
    cpe:2.3:h:supermicro:x9drx%2b-f
  • SuperMicro X9QR7-TF
    cpe:2.3:h:supermicro:x9qr7-tf
  • SuperMicro X9QR7-TF+
    cpe:2.3:h:supermicro:x9qr7-tf%2b
  • SuperMicro X9QR7-TF-JBOD
    cpe:2.3:h:supermicro:x9qr7-tf-jbod
  • SuperMicro X9QRI-F
    cpe:2.3:h:supermicro:x9qri-f
  • SuperMicro X9QRI-F+
    cpe:2.3:h:supermicro:x9qri-f%2b
  • SuperMicro X9SBAA-F
    cpe:2.3:h:supermicro:x9sbaa-f
  • SuperMicro X9SCA-F
    cpe:2.3:h:supermicro:x9sca-f
  • SuperMicro X9SCD-F
    cpe:2.3:h:supermicro:x9scd-f
  • SuperMicro X9SCE-F
    cpe:2.3:h:supermicro:x9sce-f
  • SuperMicro X9SCFF-F
    cpe:2.3:h:supermicro:x9scff-f
  • SuperMicro X9SCI-LN4F
    cpe:2.3:h:supermicro:x9sci-ln4f
  • SuperMicro X9SCL+-F
    cpe:2.3:h:supermicro:x9scl%2b-f
  • SuperMicro X9SCL-F
    cpe:2.3:h:supermicro:x9scl-f
  • SuperMicro X9SCM-F
    cpe:2.3:h:supermicro:x9scm-f
  • SuperMicro X9SCM-IIF
    cpe:2.3:h:supermicro:x9scm-iif
  • SuperMicro X9SPU-F
    cpe:2.3:h:supermicro:x9spu-f
  • SuperMicro X9SRD-F
    cpe:2.3:h:supermicro:x9srd-f
  • SuperMicro X9SRE-3F
    cpe:2.3:h:supermicro:x9sre-3f
  • SuperMicro X9SRE-F
    cpe:2.3:h:supermicro:x9sre-f
  • SuperMicro X9SRG-F
    cpe:2.3:h:supermicro:x9srg-f
  • SuperMicro X9SRI-3F
    cpe:2.3:h:supermicro:x9sri-3f
  • SuperMicro X9SRI-F
    cpe:2.3:h:supermicro:x9sri-f
  • SuperMicro X9SRL-F
    cpe:2.3:h:supermicro:x9srl-f
  • SuperMicro X9SRW-F
    cpe:2.3:h:supermicro:x9srw-f
CVSS
Base: 10.0 (as of 08-09-2013 - 22:15)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
refmap via4
bid 62094
cert-vn VU#648646
confirm
misc
Last major update 28-11-2016 - 14:09
Published 07-09-2013 - 23:17
Last modified 14-11-2017 - 21:29
Back to Top