Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
Solution Type Sun Alert Sure Solution 1001007.1 : Security Vulnerabilities in Early Versions of Sun SPARC Enterprise M4000/M5000/M8000/M9000 XSCF Control Package (XCP) firmware may Result in a Denial of Service (DoS) Condition
Previously Published As: 201333

Product:
Sun SPARC Enterprise M9000 Server
Sun SPARC Enterprise M8000 Server
Sun SPARC Enterprise M4000 Server
Sun SPARC Enterprise M5000 Server

Date of Resolved Release: 04-DEC-2007

Impact

Security vulnerabilities with telnet(1), Secure Shell (SSH), and httpd in the Sun SPARC Enterprise M4000/M5000/M8000/M9000 XSCF Control Package (XCP) firmware versions prior to 1050 may allow a remote unprivileged user to cause a Denial of Service (DoS).

Contributing Factors

This issue can occur on the following platforms:
To determine the version of XCP firmware installed on a system, the following command can be used at the XSCF> prompt:

    XSCF> version -c xcp

If the value under "Current" is less than 1050, the system may be vulnerable to this issue.

Symptoms

If the described issue occurs, the eXtended System Control Facility (XSCF) response may degrade and the XSCF will reboot whenever an "Out of Memory" condition occurs. Issues connecting to the XSCF may also be experienced.

Workaround

There is no workaround for this issue. Please see the Resolution section below.

Resolution

This issue is addressed in the following releases:
My Oracle Support XCP firmware links are available from the Oracle Firmware Download page at:

Previously Published As: 103159

Internal Comments

6574635 - telnet vulnerability where it is possible to initiate a large number of telnet connections against the XSCF and cause the XSCF to experience out-of-memory conditions.

6548161 - SSH vulnerability where it is possible to issue an infinite number of remote SSH commands to the XSCF and cause the XSCF to experience resource allocation issues.

6546970 - httpd vulnerability where large numbers of requests can trigger httpd to spawn additional processes causing the XSCF to experience out-of-memory conditions.

All of these vulnerabilities are related to the configuration of these services on the "XSCF" and are not due to issues with the services themselves.

Internal Contributor/submitter: James.Hsieh@Sun.COM
Internal Eng Business Unit Group: SSG ES (Enterprise Systems)
Internal Eng Responsible Engineer: James.Hsieh@Sun.COM
Internal Services Knowledge Engineer: jeff.folla@sun.com
Internal Sun Alert Kasp Legacy ID: 103159

References

<SUNBUG: 6574635>
<SUNBUG: 6546970>
<SUNBUG: 6548161>

Attachments

This solution has no attachment
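
An added example (not part of the original alert) that applies the XCP version check described under Contributing Factors to saved `version -c xcp` output from several systems. The host names, the sample captures and the assumed `XCPn (Current): NNNN` line layout are constructed for illustration; only the 1050 threshold comes from the alert.

```python
import re

FIXED_XCP = 1050  # from the alert: XCP versions prior to 1050 are affected

# Assumed output layout (not taken from the alert): "XCP0 (Current): 1041".
# Adjust the pattern if your XSCF prints the version differently.
_CURRENT = re.compile(r"^\s*XCP\d+\s*\(Current\)\s*:\s*(\d+)\s*$", re.M)


def current_xcp_versions(output):
    """Return every 'Current' XCP version in one capture (one per XSCF unit)."""
    return [int(v) for v in _CURRENT.findall(output)]


def assess(output):
    """Classify one capture as 'vulnerable', 'ok' or 'unknown'."""
    versions = current_xcp_versions(output)
    if not versions:
        return "unknown"  # nothing parsable: check this system by hand
    # Design choice for systems reporting more than one XSCF unit:
    # judge by the lowest Current value. Reserve banks are ignored,
    # since the alert's test is on the value under "Current".
    return "vulnerable" if min(versions) < FIXED_XCP else "ok"


def audit(captures):
    """Map each host name to its assessment."""
    return {host: assess(text) for host, text in captures.items()}


# Constructed sample captures (hypothetical hosts and version values).
SAMPLES = {
    "m4000-lab": "XSCF#0 (Active )\nXCP0 (Current): 1041\nXCP1 (Reserve): 1040\n",
    "m9000-prod": (
        "XSCF#0 (Active )\nXCP0 (Current): 1050\nXCP1 (Reserve): 1041\n"
        "XSCF#1 (Standby)\nXCP0 (Current): 1050\nXCP1 (Reserve): 1041\n"
    ),
    "m5000-dr": "connection timed out\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLES).items()):
        print(f"{host}: {status}")
```

A capture that yields `unknown` should be treated as unverified rather than as patched.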