Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II)
cancel
Showing results for 
Search instead for 
Did you mean: 

HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

anthony11
Regular Advisor

HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03787836-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

 

This advisory says that iLO 3 < 1.57 is vulnerable and tells me to act ASAP, yet the web site only has 1.55, and the CSO tells me:

 

"We understand previous technician has provided you advisories with reference of future release, however ILO 3 version 1.57 is not available for download."

 

 

P.S. This thread has been moevd from ProLiant Servers (ML,DL,SL) to ITRC Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum - Hp Forum Moderator

 

12 REPLIES
Rob Gagnon_1
Occasional Advisor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

I got the same email.  They have the new version of ILO4 (v1.22) online, but seems someone forgot the ILO3 version.

 

For a flaw so serious and then they don't have the firmware available?

 

Why not just tell all the hackers how to get into any ILO3 they might find on the Internet and leave their paying customers vulnerable with no way to fix it.

 

Nice business model.

 

Next time they might want to think about putting the file online BEFORE they tell people its there.  This is the same thing as sending an email that discusses the non-existent attachment...

 


And the CSO you got.  How fricking brilliant.  Of COURSE THE FILE ISN'T ONLINE... I JUST TOLD YOU THAT.

 

And "future release?"  The document states release date 6/11/2013...  I got the email today as well 6/12/2013.
  Last time I checked, that was not in the future.

Oscar A. Perez
Honored Contributor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

1.57 is being signed off as we speak and it should be on the web very soon.

 

For those who need it right now, I have uploaded the components to a temp FTP site.

 

ftp://ilo4me:G!v3t2me@ftp.usa.hp.com/iLO3/1.57/

 

 

 

 




__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
anthony11
Regular Advisor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

Thanks, Oscar.  It seemed weird to send the advisory before availability, especially when the CSO indicated that there was no release date.

 

Torsten.
Acclaimed Contributor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

There was the same confusion recently about EVA disk firmware files - new versions were noted as default minimum and strongly recommended, but the release date was some weeks later than the anouncement ... :-(

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Rob Gagnon_1
Occasional Advisor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

Thanks, Oscar, but one question:

How do you know which CPxxxxx.scexe you need to download? There are about 4 of them in the directory.
anthony11
Regular Advisor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

file CP020301.scexe cp020303.exe
CP020301.scexe: POSIX shell script text executable
cp020303.exe:   PE32 executable for MS Windows (GUI) Intel 80386 32-bit

 

Oscar A. Perez
Honored Contributor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

Sorry for the confusion. I uploaded these files before my morning coffee.

 

Online Flash Component for Windows x86
cp020303.exe

 

Online Flash Component for Windows x64
cp020304.exe

 

Online Flash Component for Linux
CP020301.scexe

 

Online Flash Component for ESXi
CP020302.scexe




__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
Rob Gagnon_1
Occasional Advisor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

Oscar,

 

Are there any know issues with updating ILO3 from version 1.16 to 1.57? 

 

No matter how I try, it fails.

 

I downloaded the windows version, and performed an extract only.  Then I uploaded the ilo3_157.bin file directly into the ILO interface.  After the progress bar went all the way across, it said it failed.

 

So I downloaded the linux version onto the blade itself, and ran that.  It also failed as shown in the output below:

 

I might need to mention this is for a BL460c/G7 running Redhat Linux

============================================

# sh ./CP020301.scexe

FLASH_iLO3 v1.09 for Linux (Jan 23 2013)
(C) Copyright 2002-2013 Hewlett-Packard Development Company, L.P.
Firmware image: ilo3_157.bin
Current iLO 3 firmware version  1.16; Serial number {REDACTED}     

Component XML file: CP020301.xml
CP020301.xml reports firmware version 1.57
This operation will update the firmware on the
iLO 3 in this server with version 1.57.
Continue (y/N)?y
Current firmware is 1.16 (Dec 17 2010 )
Firmware image is 0x801664(8394340) bytes
   99 percent of firmware sent.
Failed(2--4)!

ERROR: Unable to start flash. [ilo3_157.bin]
============================================

Oscar A. Perez
Honored Contributor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

You cannot go from an iLO3 version 1.1x directly to a 1.5x due to a change in iLO3 image signature algorithm.  You are going to need to flash any iLO3 version 1.2x first (I recommend v1.28), then you will be able to flash v1.57.  It is mentioned in the readme.txt. See attachement.

 

 Also, don't forget to clear browser cache after upgrading iLO3. Lots of changes to webGUI have been made since 1.16.




__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
Rob Gagnon_1
Occasional Advisor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

Thanks for the quick response.  I didn't see any mention in the readme when I looked.  While I'm here would there be any odd interaction with the Blade enclosure's Onboard Administrator that I might need to worry about as well?

Oscar A. Perez
Honored Contributor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

Since you will be running the Online Component on Linux, I don't think the OA would even notice that the iLO3 is being flashed, at least not until iLO actually reboots at the end. But, I would recommend just doing the flash on one blade at the time, just in case.



__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
Oscar A. Perez
Honored Contributor

Re: HP advisory says to update to iLO 3 1.57 or later, yet 1.55 is all that is available???

I've created a new temporally FTP site cause the other one is about to expire.

 

 
 



__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!