openbmc.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed
* OpenBMC Security Advisory - CVE-2019-6260
@ 2020-09-20 23:47 Kun Zhao
  2020-09-21  1:02 ` TOM JOSEPH
  0 siblings, 1 reply; 5+ messages in thread
From: Kun Zhao @ 2020-09-20 23:47 UTC (permalink / raw)
  To: openbmc

[-- Attachment #1: Type: text/plain, Size: 198 bytes --]

Hi Team,

This link here described the ‘pantsdown’ vulnerability found in OpenBMC,
https://github.com/openbmc/openbmc/issues/3475

So what are the commits for fixing it?


Thanks.

Kun


[-- Attachment #2: Type: text/html, Size: 1897 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: OpenBMC Security Advisory - CVE-2019-6260
  2020-09-20 23:47 OpenBMC Security Advisory - CVE-2019-6260 Kun Zhao
@ 2020-09-21  1:02 ` TOM JOSEPH
  2020-09-21 16:09   ` Kun Zhao
  0 siblings, 1 reply; 5+ messages in thread
From: TOM JOSEPH @ 2020-09-21  1:02 UTC (permalink / raw)
  To: Kun Zhao, openbmc

[-- Attachment #1: Type: text/plain, Size: 619 bytes --]

Hello Kun,

The OpenBMC side of the fixes are captured in this link.

https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260-gaining-control-of-bmc-from-the-host-processor/

Regards,
Tom

On 21-09-2020 05:17, Kun Zhao wrote:
> Hi Team, This link here described the ‘pantsdown’ vulnerability found 
> in OpenBMC,...
> This Message Is From an External Sender
> This message came from outside your organization.
>
> Hi Team,
>
> This link here described the ‘pantsdown’ vulnerability found in OpenBMC,
>
> https://github.com/openbmc/openbmc/issues/3475
>
> So what are the commits for fixing it?
>
> Thanks.
>
> Kun
>

[-- Attachment #2: Type: text/html, Size: 7924 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* RE: OpenBMC Security Advisory - CVE-2019-6260
  2020-09-21  1:02 ` TOM JOSEPH
@ 2020-09-21 16:09   ` Kun Zhao
  2020-09-21 16:09     ` Kun Zhao
  2020-09-30  5:25     ` Andrew Jeffery
  0 siblings, 2 replies; 5+ messages in thread
From: Kun Zhao @ 2020-09-21 16:09 UTC (permalink / raw)
  To: TOM JOSEPH, openbmc

[-- Attachment #1: Type: text/plain, Size: 917 bytes --]

Thank you so much, Tom.



Thanks.

Kun

From: TOM JOSEPH<mailto:tomjose@linux.vnet.ibm.com>
Sent: Sunday, September 20, 2020 6:02 PM
To: Kun Zhao<mailto:zkxz@hotmail.com>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>
Subject: Re: OpenBMC Security Advisory - CVE-2019-6260


Hello Kun,

The OpenBMC side of the fixes are captured in this link.

https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260-gaining-control-of-bmc-from-the-host-processor/

Regards,
Tom
On 21-09-2020 05:17, Kun Zhao wrote:
Hi Team, This link here described the ‘pantsdown’ vulnerability found in OpenBMC,...
This Message Is From an External Sender
This message came from outside your organization.
Hi Team,

This link here described the ‘pantsdown’ vulnerability found in OpenBMC,
https://github.com/openbmc/openbmc/issues/3475

So what are the commits for fixing it?


Thanks.

Kun



[-- Attachment #2: Type: text/html, Size: 6306 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* RE: OpenBMC Security Advisory - CVE-2019-6260
  2020-09-21 16:09   ` Kun Zhao
@ 2020-09-21 16:09     ` Kun Zhao
  2020-09-30  5:25     ` Andrew Jeffery
  1 sibling, 0 replies; 5+ messages in thread
From: Kun Zhao @ 2020-09-21 16:09 UTC (permalink / raw)
  To: TOM JOSEPH, openbmc

[-- Attachment #1: Type: text/plain, Size: 917 bytes --]

Thank you so much, Tom.



Thanks.

Kun

From: TOM JOSEPH<mailto:tomjose@linux.vnet.ibm.com>
Sent: Sunday, September 20, 2020 6:02 PM
To: Kun Zhao<mailto:zkxz@hotmail.com>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>
Subject: Re: OpenBMC Security Advisory - CVE-2019-6260


Hello Kun,

The OpenBMC side of the fixes are captured in this link.

https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260-gaining-control-of-bmc-from-the-host-processor/

Regards,
Tom
On 21-09-2020 05:17, Kun Zhao wrote:
Hi Team, This link here described the ‘pantsdown’ vulnerability found in OpenBMC,...
This Message Is From an External Sender
This message came from outside your organization.
Hi Team,

This link here described the ‘pantsdown’ vulnerability found in OpenBMC,
https://github.com/openbmc/openbmc/issues/3475

So what are the commits for fixing it?


Thanks.

Kun



[-- Attachment #2: Type: text/html, Size: 6306 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: OpenBMC Security Advisory - CVE-2019-6260
  2020-09-21 16:09   ` Kun Zhao
  2020-09-21 16:09     ` Kun Zhao
@ 2020-09-30  5:25     ` Andrew Jeffery
  1 sibling, 0 replies; 5+ messages in thread
From: Andrew Jeffery @ 2020-09-30  5:25 UTC (permalink / raw)
  To: Kun Zhao, Tom Joseph, openbmc

On Tue, 22 Sep 2020, at 01:39, Kun Zhao wrote:
>  
> Thank you so much, Tom.

FWIW I've pushed a little utility for people to test their systems for
CVE-2019-6260:

https://github.com/amboar/cve-2019-6260/

Andrew

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-09-30  5:27 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-20 23:47 OpenBMC Security Advisory - CVE-2019-6260 Kun Zhao
2020-09-21  1:02 ` TOM JOSEPH
2020-09-21 16:09   ` Kun Zhao
2020-09-21 16:09     ` Kun Zhao
2020-09-30  5:25     ` Andrew Jeffery

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).