On Tue, Aug 27, 2024 at 10:07 AM Pavel Cahyna <pcah...@redhat.com> wrote: > > Hello Corey, > > On Thu, Aug 22, 2024 at 11:28:42AM -0500, Corey Minyard via > Openipmi-developer wrote: > > There was a bug found by AWS Security that affected the IPMI simulator, > > ipmi_sim. It does NOT affect the main library, just the simulator. This > > is mainly used for testing (by OpenIPMI and others) but I am fairly sure > > that some people are using this in production systems to control QEMU > > systems and to provide serial over LAN access to those systems. > > Unfortunately, I do not know who is using it for this purpose. > > reading the code, is my understanding correct that it affects not just > the ipmi_sim simulator, but also the ipmilan daemon? The manual page > describes it as > "The ipmilan daemon allows an IPMI system interface using the OpenIPMI > device driver to be accessed using the IPMI 1.5 or 2.0 LAN protocol." > which sounds like something that might be used on production systems, > but I also don't know how often that would actually happen (using such a > daemon seems to defeat the purpose of the IPMI LAN interface which is to > control the system even when offline).
Yes, it would also affect the ipmilan daemon. I was not assuming anyone was using that for production systems, but maybe I'm wrong. Thanks for asking. -corey > > Best regards, Pavel > > > > _______________________________________________ > Openipmi-developer mailing list > Openipmi-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openipmi-developer _______________________________________________ Openipmi-developer mailing list Openipmi-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openipmi-developer
