Hello Corey, On Thu, Aug 22, 2024 at 11:28:42AM -0500, Corey Minyard via Openipmi-developer wrote: > There was a bug found by AWS Security that affected the IPMI simulator, > ipmi_sim. It does NOT affect the main library, just the simulator. This > is mainly used for testing (by OpenIPMI and others) but I am fairly sure > that some people are using this in production systems to control QEMU > systems and to provide serial over LAN access to those systems. > Unfortunately, I do not know who is using it for this purpose.
reading the code, is my understanding correct that it affects not just the ipmi_sim simulator, but also the ipmilan daemon? The manual page describes it as "The ipmilan daemon allows an IPMI system interface using the OpenIPMI device driver to be accessed using the IPMI 1.5 or 2.0 LAN protocol." which sounds like something that might be used on production systems, but I also don't know how often that would actually happen (using such a daemon seems to defeat the purpose of the IPMI LAN interface which is to control the system even when offline). Best regards, Pavel _______________________________________________ Openipmi-developer mailing list Openipmi-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openipmi-developer
