CVE-2007-2387
Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.
Date published : 2007-06-04
http://lists.apple.com/archives/security-announce/2007/May/msg00006.html