BMC flaw unchecked for six years affects Intel and Lenovo servers

A lack of communication six years ago has left thousands of devices exposed today to a remotely exploitable heap out-of-bounds (OOB) read vulnerability. Affected devices include Intel and Lenovo servers.

Here’s what happened: Six years ago, Lighttpd administrators discovered the aforementioned flaw, which allowed threat actors to exfiltrate the memory addresses of processes. That in turn could have been used to circumvent protection mechanisms.