Remotely exploitable firmware vulnerability in all Intel chipsets

Tom Buskey tom at buskey.name
Wed May 3 15:11:21 EDT 2017


On Tue, May 2, 2017 at 9:51 AM, Lloyd Kvam <python at venix.com> wrote:

> lspci | egrep 'MEI|HECI'


As the article on dreamwidth says, just having MEI doesn't mean you have
AMT and the rest of the Intel ME working for someone to get in.

Honestly, most of the stuff I've seen about ME reads like breathless
clickbait instead of valid security information. It'd be nice to read
about it w/o having to decipher a conspiracy undertone. And it is a
legitimate security vulnerability.

ME is a newer, Intel version of the remote control/IPMI standard and the
proprietary iDrac, iLo and other versions.

ME seems more private (no source code for the public!) than all the IPMI
stuff has been. Both allow you to set up power control, remote control a
serial console and read motherboard settings. IPMI can provide a video
console in some cases. It's usually on Supermicros as a jnlp java applet.
iDrac has an Enterprise version (more $) with the same. The latest iDrac
also has an HTML5 version.

If you go further back, Sun systems had something called LOM and variants
that also let you get to the "BIOS" before/without booting.

Holes in IPMI were first disclosed by Dan Farmer <http://fish2.com/ipmi/> in
2013.  The Intel ME/AMT is just a newer version of IPMI with similar holes
that's not restricted to server systems.