Asset ID: 1-77-1019673.1
Update Date: 2011-02-25
Solution Type: Sun Alert Sure Solution
1019673.1: A Security Vulnerability in the Sun Integrated Lights-Out Manager (ILOM) may Allow Unauthorized Access Through the Web Interface
Related Items
- Sun SPARC Enterprise T5440 Server
- Sun SPARC Enterprise T5240 Server
- Sun SPARC Enterprise T5220 Server
- Sun SPARC Enterprise T5140 Server
- Sun SPARC Enterprise T5120 Server
Related Categories
- GCS>Sun Microsystems>Sun Alert>Criteria Category>Security
- GCS>Sun Microsystems>Sun Alert>Release Phase>Resolved
Previously Published As: 243486
Bug Id: SUNBUG: 6732655
Product:
Sun SPARC Enterprise T5120 Server
Sun SPARC Enterprise T5220 Server
Sun SPARC Enterprise T5140 Server
Sun SPARC Enterprise T5240 Server
Sun SPARC Enterprise T5440 Server
Sun Blade T6320
Sun Netra T5220
Sun Netra T5440
Sun Netra CP3260
Sun Netra CT900 ATCA Blade Server
Sun Fire X2250
Sun Fire X4100
Sun Fire X4100 M2
Sun Fire X4140
Sun Fire X4150
Sun Fire X4200
Sun Fire X4200 M2
Sun Fire X4240
Sun Fire X4250
Sun Fire X4440
Sun Fire X4450
Sun Fire X4500
Sun Fire X4540
Sun Fire X4600
Sun Fire X4600 M2
Sun Blade X6000
Sun Blade X6048
Sun Blade X6220
Sun Blade X6250
Sun Blade X6450
Sun Blade X8000
Sun Blade X8000 P
Sun Blade X8400
Sun Blade X8420
Sun Blade X8440
Sun Blade X8450
Sun Netra X4200 M2
Sun Netra X4250
Sun Netra X4450
Date of Resolved Release: 21-Oct-2008
A security vulnerability in the Sun Integrated Lights-Out Manager (ILOM):
1. Impact
A security vulnerability in the Sun Integrated Lights-Out Manager
(ILOM) may allow unprivileged users who have access to the ILOM web
interface to gain unauthorized access to the service processor (SP).
This may allow such users to power off or reset the system, which is a
type of Denial of Service (DoS).
On Sun servers and Sun Blades, this issue may also allow unprivileged
users who have access to the ILOM web interface to gain unauthorized
access to the host operating system.
2. Contributing Factors
This issue can occur on the following platforms:
- Sun SPARC Enterprise T5120 Server with firmware 7.1.6 (ILOM
2.0.4.26) or earlier
- Sun SPARC Enterprise T5220 Server with firmware 7.1.6 (ILOM
2.0.4.26) or earlier
- Sun SPARC Enterprise T5140 Server with firmware 7.1.6 (ILOM
2.0.4.26) or earlier
- Sun SPARC Enterprise T5240 Server with firmware 7.1.6 (ILOM
2.0.4.26) or earlier
- Sun SPARC Enterprise T5440 Server with firmware 7.1.5.b (ILOM 2.0.4.25) or earlier
- Sun Blade T6320 Server Module with firmware 7.1.6 (ILOM 2.0.4.26)
or earlier
- Sun Netra T5220 Server with firmware 7.1.6 (ILOM 2.0.4.26) or
earlier
- Sun Netra T5440 Server with firmware 7.1.4.a (ILOM 2.0.4.24.a) or
earlier
- Sun Netra CP3260/CT900 ATCA Blade Server with firmware 7.1.6 (ILOM
2.0.4.26) or earlier
- Sun Fire X4100 Server with SW 1.5.1 (ILOM 2.0.2.5 build 32265) or earlier
- Sun Fire X4200 Server with SW 1.5.1 (ILOM 2.0.2.5 build 32265) or earlier
- Sun Fire X4100M2 Server with SW 2.1 (ILOM 2.0.2.10 build 35249)
or earlier
- Sun Fire X4200M2 Server with SW 2.1 (ILOM 2.0.2.10 build 35249)
or earlier
- Sun Fire X4600 Server with SW 1.4 (ILOM 2.0.2.5 build 32265) or earlier
- Sun Fire X4600M2 Server with SW 2.1.2 (ILOM 2.0.2.5 build 32591) or earlier
- Sun Fire X4500 Server with SW 1.5 (ILOM 2.0.2.5 build 34717) or earlier
- Sun Fire X4540 Server with SW 1.0 (ILOM 2.0.2.5 build 32394)
- Sun Fire X4140 Server with SW 2.1 (ILOM 2.0.2.5 build 34) or
earlier
- Sun Fire X4240 Server with SW 2.1 (ILOM 2.0.2.5 build 34) or
earlier
- Sun Fire X4440 Server with SW 2.1 (ILOM 2.0.2.5 build 34) or
earlier
- Sun Fire X2250 Server with SW 1.1 (ILOM 2.0.2.8 build 33864) or
earlier
- Sun Fire X4150 Server with SW 2.0 (ILOM 2.0.2.6 build 35128) or
earlier
- Sun Fire X4250 Server with SW 1.1 (ILOM 2.0.2.6 build 35128) or
earlier
- Sun Fire X4450 Server with SW 2.1.0 (ILOM 2.0.2.6 Build 36202) or
earlier
- Sun Blade 6000 Modular System with Chassis 2.0 (ILOM 2.0.3.3 build 33795) or earlier
- Sun Blade 6048 Modular System with Chassis 2.0 (ILOM 2.0.3.3 build
33795) or earlier
- Sun Blade X6220 with Server Module Software 2.0 (ILOM 2.0.3.3 build
34514) or earlier
- Sun Blade X6250 with Server Module Software 2.0 (ILOM 2.0.3.6 build
36279)
- Sun Blade X6450 with Server Module Software 2.0 (ILOM 2.0.3.6 build
36472)
- Sun Blade 8000 Modular System with Software 2.1.1 (ILOM 2.0.1.8) or earlier
- Sun Blade 8000P Modular System with Software 2.1.1 (ILOM 2.0.1.8) or earlier
- Sun Blade X8400 with Software 2.0.2 (ILOM 2.0.1.5) or
earlier
- Sun Blade X8420 with Software 2.0.2 (ILOM 2.0.1.5) or
earlier
- Sun Blade X8440 with Software 2.0.2 (ILOM 2.0.1.5) or
earlier
- Sun Blade X8450 with Software 2.1 (ILOM 2.0.1.7) or
earlier
- Sun Netra X4200M2 Server with SW 2.1 (ILOM 2.0.5.2 build 35521)
or earlier
- Sun Netra X4250 Server with SW 1.1 (ILOM 2.0.2.6 build 35369) or
earlier
- Sun Netra X4450 with SW 1.1 (ILOM 2.0.2.6 build 35369) or earlier
To determine the ILOM firmware version installed on your system, use the
"version" command in the ILOM command-line interface:
SP firmware 2.0.2.5
SP firmware build number: 32265
SP firmware date: Fri Apr 25 20:35:59 PDT 2008
SP filesystem version: 0.1.14
The first line of the above output provides the ILOM version. The
second line provides the build number for that ILOM version.
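As an added example (not part of the original Sun Alert), the Python below parses the "version" output shown above and compares it with the last listed vulnerable and first listed fixed releases for three x64 platforms, copied from sections 2 and 5 of this alert. Ordering releases by (ILOM version, build number) and reporting anything between the two listed releases as indeterminate are assumptions of the example; the function and table names are hypothetical.

```python
import re

# (last listed vulnerable, first listed fixed) as (ILOM version, build),
# copied from the Contributing Factors and Resolution lists of this alert.
ALERT_TABLE = {
    "Sun Fire X4100": (("2.0.2.5", 32265), ("2.0.2.5", 37165)),
    "Sun Fire X4100M2": (("2.0.2.10", 35249), ("2.0.2.10", 37108)),
    "Sun Fire X2250": (("2.0.2.8", 33864), ("2.0.2.12", 37040)),
}

def parse_version_output(text):
    """Extract (ILOM version, build number) from ILOM CLI 'version' output."""
    ver = re.search(r"^SP firmware[ \t]+(\d+(?:\.\d+)+)[ \t]*$", text, re.M)
    build = re.search(r"^SP firmware build number:[ \t]*(\d+)[ \t]*$", text, re.M)
    if not ver or not build:
        raise ValueError("not ILOM 'version' output")
    return ver.group(1), int(build.group(1))

def _key(version, build):
    # Compare components numerically: as strings, "2.0.2.12" sorts before "2.0.2.8".
    return tuple(int(p) for p in version.split(".")), build

def classify(platform, version_output):
    """Return 'affected', 'fixed' or 'indeterminate' for one service processor."""
    vulnerable, fixed = ALERT_TABLE[platform]
    installed = _key(*parse_version_output(version_output))
    if installed <= _key(*vulnerable):
        return "affected"
    if installed >= _key(*fixed):
        return "fixed"
    # Assumption: between the two listed releases the alert makes no statement.
    return "indeterminate"

# The sample 'version' output shown in this alert.
SAMPLE = """\
SP firmware 2.0.2.5
SP firmware build number: 32265
SP firmware date: Fri Apr 25 20:35:59 PDT 2008
SP filesystem version: 0.1.14
"""

if __name__ == "__main__":
    print(classify("Sun Fire X4100", SAMPLE))
```

SPARC platforms are left out because their ILOM versions carry letter suffixes (for example 2.0.4.26.d) that this numeric comparison does not handle.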
3. Symptoms
There are no predictable symptoms to indicate that this issue has been
exploited to gain unauthorized remote access to the SP or the system.
4. Workaround
To work around the described issue until the firmware upgrades are
applied, disable the ILOM web interface by logging into ILOM through the
command-line interface as a user with admin privileges and running the
following commands:
set /SP/services/http servicestate=disabled
set /SP/services/https servicestate=disabled
5. Resolution
New system firmware versions are available for impacted platforms to address this vulnerability.
For SPARC platforms, new system firmware is available through SunSolve
patches. See the list below for the SunSolve patch ID for each SPARC
platform:
SPARC Platform
- Sun SPARC Enterprise T5120/T5220 Server with patch 136932-05
(SysFW 7.1.6.d, ILOM 2.0.4.26.d) or later
- Sun SPARC Enterprise T5140/T5240 Server with patch 136936-08
(SysFW 7.1.6.d, ILOM 2.0.4.26.d) or later
- Sun SPARC Enterprise T5440 Server with patch 136937-02 (SysFW 7.1.5.c, ILOM 2.0.4.25.a) or later
- Sun Blade T6320 Server Module with patch 136933-07 (SysFW
7.1.6.d, ILOM 2.0.4.26.d) or later
- Sun Netra T5220 Server with patch 136934-06 (SysFW 7.1.6.d, ILOM
2.0.4.26.d) or later
- Sun Netra T5440 Server with patch 136938-02 (SysFW 7.1.6.e, ILOM
2.0.4.26.e) or later
- Sun Netra CP3260 ATCA Blade Server with patch 136935-03 (SysFW
7.1.6.f, ILOM 2.0.4.26.f) or later
- Sun Netra CT900 ATCA Blade Server (Sun Netra CP3260 ATCA Blade: SysFW 7.1.6.f, ILOM 2.0.4.26.f) with patch 139280-02 or later
For x64 platforms, new system firmware is available for download at:
See the platform names below for specific system firmware and link
information:
Sun Fire X4100/X4200/X4100M2/X4200M2
- Sun Fire X4100 Server with SW 1.5.2 (ILOM 2.0.2.5 build 37165) or
later
- Sun Fire X4200 Server with SW 1.5.2 (ILOM 2.0.2.5 build 37165) or
later
- Sun Fire X4100M2 Server with SW 2.1.1 (ILOM 2.0.2.10 build 37108)
or later
- Sun Fire X4200M2 Server with SW 2.1.1 (ILOM 2.0.2.10 build 37108)
or later
http://www.sun.com/servers/x64/x4100/downloads
Sun Fire X4600/X4600M2
- Sun Fire X4600 Server with SW 1.4.1 (ILOM 2.0.2.5 build 37165) or
later
- Sun Fire X4600M2 Server with SW 2.1.3 (ILOM 2.0.2.5 build 37115)
or later
http://www.sun.com/servers/x64/x4600/downloads.jsp
Sun Fire X4500
- Sun Fire X4500 Server with SW 1.5.1 (ILOM 2.0.2.5 build 37042) or
later
http://www.sun.com/servers/x64/x4500/downloads.jsp
Sun Fire X4540
- Sun Fire X4540 Server with SW 1.0.1 (ILOM 2.0.2.5 build 37049) or later
http://www.sun.com/servers/x64/x4540/downloads.jsp
Sun Fire X4140
- Sun Fire X4140 Server with SW 2.1.1 (ILOM 2.0.2.5 build 37) or
later
http://www.sun.com/servers/x64/x4140/downloads.jsp
Sun Fire X4240
- Sun Fire X4240 Server with SW 2.1.1 (ILOM 2.0.2.5 build 37) or
later
http://www.sun.com/servers/x64/x4240/downloads.jsp
Sun Fire X4440
- Sun Fire X4440 Server with SW 2.1.1 (ILOM 2.0.2.5 build 37) or
later
http://www.sun.com/servers/x64/x4440/downloads.jsp
Sun Fire X2250
- Sun Fire X2250 Server with SW 1.1.1 (ILOM 2.0.2.12 build 37040) or later
http://www.sun.com/servers/x64/x2250/downloads.jsp
Sun Fire X4150
- Sun Fire X4150 Server with SW 2.1.0 (ILOM 2.0.2.6 build 36843) or
later
http://www.sun.com/servers/x64/x4150/downloads.jsp
Sun Fire X4250
- Sun Fire X4250 Server with SW 1.2.0 (ILOM 2.0.2.6 build 36843) or
later
http://www.sun.com/servers/x64/x4250/downloads.jsp
Sun Fire X4450
- Sun Fire X4450 Server with SW 2.2.0 (ILOM 2.0.2.6 build 37007) or
later
http://www.sun.com/servers/x64/x4450/downloads.jsp
Fixes for the following Sun Blade and Blade chassis are available for download at:
See the platform names below for specific system firmware:
- Sun Blade 6000 Modular System with Chassis 2.1 (ILOM 2.0.3.10 build 38) or later
- Sun Blade 6048 Modular System with Chassis 2.1 (ILOM 2.0.3.10 build 38) or later
- Sun Blade X6220 with Server Module Software 2.1 (ILOM 2.0.3.10 build 38) or later
- Sun Blade X6250 with Server Module Software 2.0.1 (ILOM 2.0.3.6 build 36946) or later
- Sun Blade X6450 with Server Module Software 2.0.1 (ILOM 2.0.3.6 build 36946) or later
- Sun Blade 8000 Server Module with SW 2.2 (ILOM 2.0.1.10) or later
- Sun Blade X8000P Modular System with SW 2.2 (ILOM 2.0.1.10) or
later
- Sun Blade X8400 with Software 2.2 (ILOM 2.0.1.12) or later
- Sun Blade X8420 with Software 2.2 (ILOM 2.0.1.13) or later
- Sun Blade X8440 with Software 2.2 (ILOM 2.0.1.11) or later
- Sun Blade X8450 with Software 2.2 (ILOM 2.0.1.10) or later
Fixes for the following Netra platforms are available for download at:
See the platform names below for specific system firmware and link
information:
Sun Netra X4200M2
- Sun Netra X4200M2 Server with SW 2.1N (ILOM 2.0.5.3 build
37380) or later
http://www.sun.com/servers/netra/x4200/support.xml
Sun Netra X4250
- Sun Netra X4250 Server with SW 2.1N (ILOM 2.0.2.6 build 37455) or
later
http://www.sun.com/servers/netra/x4250/support.xml
Sun Netra X4450
- Sun Netra X4450 with SW 2.2N (ILOM 2.0.2.6 build 37455) or later
http://www.sun.com/servers/netra/x4450/support.xml
For more information on Security Sun Alerts, see <Document: 1009886.1>.
Modification History
03-Nov-2008: Updated Product, Contributing Factors, and Resolution sections.
References
<SUNPATCH: 136932-05>
<SUNPATCH: 136936-08>
<SUNPATCH: 136933-07>
<SUNPATCH: 136934-06>
<SUNPATCH: 136938-02>
<SUNPATCH: 136935-03>
<SUNPATCH: 136937-02>
<SUNPATCH: 139280-02>
Internal Comments
An updated version of the ILOM firmware will be provided for each impacted
product. The details for each product will depend on the support and release
procedures of the product teams.
Please send technical questions to the following email:
sunalert-tech-questions@sun.com
and CC the following persons:
Internal Contributor/Submitter
Internal Eng Responsible Engineer
Internal Services Knowledge Engineer
Internal Contributor/submitter
Tom.Caron@Sun.COM
Internal Eng Responsible Engineer
Josh.Rosen@sun.com
Internal Services Knowledge Engineer
jeff.folla@sun.com
Internal Eng Business Unit Group
SSG ES (Enterprise Systems)
Internal Resolution Patches
136932-05, 136936-08, 136933-07, 136934-06, 136938-02, 136935-03, 136937-02, 139280-02