Seagate, LaCie hard drive vulnerabilities, firmware update available

September 3, 2015 ~ hucktech ~ Leave a comment

Found on the Twitter feed of Frank Denis:

“Seagate wireless hard-drives provides undocumented Telnet services accessible by using 'root' as username and password” #ohmy

— Frank ⚡ (@jedisct1) September 3, 2015

Seagate wireless hard-drives contain multiple vulnerabilities http://t.co/ry1PpojQvS

— Frank ⚡ (@jedisct1) September 3, 2015

Note there is a firmware update. See the full Vulnerability Note, excerpted below:

http://www.kb.cert.org/vuls/id/903500

Vulnerability Note VU#903500
Seagate wireless hard-drives contain multiple vulnerabilities

Last revised: 02 Sep 2015

Multiple Seagate wireless hard-drives contain multiple vulnerabilities.

CWE-798: Use of Hard-coded Credentials – CVE-2015-2874
Seagate wireless hard-drives provides undocumented Telnet services accessible by using the default credentials of ‘root’ as username and the default password.

CWE-425: Direct Request (‘Forced Browsing’) – CVE-2015-2875
Under a default configuration, Seagate wireless hard-drives provides an unrestricted file download capability to anonymous attackers with wireless access to the device. An attacker can directly download files from anywhere on the filesystem.

CWE-434: Unrestricted Upload of File with Dangerous Type – CVE-2015-2876
Under a default configuration, Seagate wireless hard-drives provides a file upload capability to anonymous attackers with wireless access to the device’s /media/sda2 filesystem. This filesystem is reserved for the file-sharing.

These vulnerabilities were confirmed by the reporter as existing in firmware versions 2.2.0.005 and 2.3.0.014, dating to October 2014. Other firmware versions may be affected. The following devices are impacted by this issue: Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL. Impact: A remote unauthenticated attacker may access arbitrary files on the harddrive, or gain root access to the device. Solution: Update the firmware. Seagate has released firmware 3.4.1.105 to address these issues in all affected devices. Affected users are encouraged to update the firmware as so on as possible. Customers may download the firmware from Seagate’s website. Seagate encourages any customer encountering issues to contact customer service at 1-800-SEAGATE.

https://apps1.seagate.com/downloads/request.html
http://knowledge.seagate.com/articles/en_US/FAQ/207931en
http://cwe.mitre.org/data/definitions/425.html
http://cwe.mitre.org/data/definitions/434.html
http://cwe.mitre.org/data/definitions/798.html

Seagate on Redfish and IPMI

August 26, 2015 ~ hucktech ~ Leave a comment

Lee Calcote of Seagate wrote an article on the recent DMTF Redfish 1.0 release, and about Seagate’s support of this new API, and IPMI. Excerpts:

Like most systems manufacturers, Seagate supports IPMI and will continue to support it as a critical standard in the data center in lieu of broad adoption of Redfish. Where IPMI strains to meet the requirements of today’s massive multiscale environments, Redfish addresses IPMI inadequacies of interoperability, security, simplicity and scalability.

Redfish 1.0 is only the beginning. Seagate and other industry leaders are already engaging within the DMTF Scalable Platform Management Forum on enhancements beyond Redfish 1.0 standard.

What does Redfish mean for Seagate partners and customers? It means a new level of control, management and monitoring for the data center, using a modern, secure RESTful API that is commonly understood and will be widely supported.

Read the full post here:

http://media.seagate.com/intelligent/redfish-slipstreams-ipmi-with-1-0-release/?cmpid=smc-css-twitter-seagateb4b-blog-sf40151081-sf40151081

DMTF Redfish 1.0 released

August 4, 2015 ~ hucktech ~ Leave a comment

Redfish, an IPMI replacement, has shipped the first release of their spec. Quoting the press release:

DMTF Helps Enable Multi-Vendor Data Center Management with New Redfish 1.0 Standard

DMTF has announced the release of Redfish 1.0, a standard for data center and systems management that delivers improved performance, functionality, scalability and security. Designed to meet the expectations of end users for simple and interoperable management of modern scalable platform hardware, Redfish takes advantage of widely-used technologies to speed implementation and help system administrators be more effective. Redfish is developed by the DMTF’s Scalable Platforms Management Forum (SPMF), which is led by Broadcom, Dell, Emerson, HP, Intel, Lenovo, Microsoft, Supermicro and VMware with additional support from AMI, Oracle, Fujitsu, Huawei, Mellanox and Seagate. The release of the Redfish 1.0 standard by the DMTF demonstrates the broad industry support of the full organization.

http://dmtf.org/standards/redfish
http://dmtf.org/join/spmf

Don’t forget to grab the Redfish “Mockup” as well as the specs and schema.

UEFI 2.5 has a JSON API to enable accessing Redfish. HP was first vendor with systems that supported UEFI 2.5’s new HTTP Boot, a PXE replacement. Intel checked in HTTP Boot support into TianoCore, so it’s just a matter of time until other vendors have similar products. JSON-based Redfish and HTTP-based booting makes UEFI much more of a “web app”, w/r/t security research, and the need for system administrators to more closely examine how firmware is updated on their systems, to best protect them.
https://firmwaresecurity.com/tag/uefi-http-boot/