Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition | |||
|
|
Solution Type Sun Alert Sure Solution 1019731.1 : A Security Vulnerability in the Sun System Firmware on Certain SPARC Systems May Allow Unauthorized Data Access
PreviouslyPublishedAs 244826 Bug Id <SUNBUG: 6721010> Product Sun SPARC Enterprise T5120 Server Sun SPARC Enterprise T5140 Server Sun SPARC Enterprise T5220 Server Sun Fire T1000 Server Sun Fire T2000 Server Sun Netra T2000 Server Sun Netra CP3060 ATCA Blade Server Sun Blade T6300 Server Module Date of Resolved Release 05-Nov-2008 A Security Vulnerability in the Sun System Firmware on Certain SPARC Systems May Allow Unauthorized Data Access 1. Impact A security vulnerability in the firmware for certain Sun SPARC Systems using the Sun UltraSPARC T1, UltraSPARC T2, and UltraSPARC T2+ processors may allow unauthorized data access, where local privileged users in one Logical Domain (ldm(1M)) may be able to gain access to memory in another logical domain. 2. Contributing Factors This issue can occur on the following platforms (when running multiple domains):
Note 2: This issue can only occur on systems (listed above) running multiple domains. Note 3: To determine the Sun System Firmware version installed on a system, you can query from the Service Processor command line interface with the following commands: ILOM CLI: "show /HOST"
(SysFW 7.x only)
ALOM CLI: "showhost" (SysFW 7.x and 6.x) Example 1: (look for "Sun System Firmware" version information underneath the "Properties" section) -> show /HOST Example 2: sc> showhost Host flash versions: Note 4: To determine if the system is running multiple domains, and is therefore potentially vulnerable, the LDoms Manager package (SUNWldm(1M)) includes a command to list the domains: Example 1: This is a single-domained system: # /opt/SUNWldm/bin/ldm list Example 2: This is a multi-domained system with the 2nd domain active. # /opt/SUNWldm/bin/ldm list Example 3: This is a multi-domained system with the 2nd domain quiesced: # /opt/SUNWldm/bin/ldm list 3. Symptoms There are no predictable symptoms to indicate this issue has been exploited to gain unauthorized data access to the system. 4. Workaround To work around the described issue until the resolution patches can be applied, restrict privileged access only to trusted users. 5. Resolution This issue is addressed for these platforms in the following releases:
For more information on Security Sun Alerts, see <Document: 1009886.1>. This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. References<SUNPATCH: 136932-04><SUNPATCH: 136933-06> <SUNPATCH: 136934-03> <SUNPATCH: 136936-07> <SUNPATCH: 136927-05> <SUNPATCH: 136928-05> <SUNPATCH: 136929-05> <SUNPATCH: 136930-05> <SUNPATCH: 136931-05> Internal Comments Please send technical questions to the following email: sunalert-tech-questions@sun.com and CC the following persons: Internal Contributor/Submitter Internal Eng Responsible Engineer Internal Services Knowledge Engineer Internal Contributor/submitter bruce.munroe@sun.com Internal Eng Responsible Engineer tycho.nightingale@sun.com Internal Services Knowledge Engineer david.mariotto@sun.com Internal Eng Business Unit Group Systems Group - SVS (SPARC Volume Systems, Horizontal Systems, T1000/T2000 and Ontario), Systems Group - Netra Systems and Networking Internal Resolution Patches 136932-04, 136933-06, 136934-03, 136936-07, 136927-05, 136928-05, 136929-05, 136930-05, 136931-05 Internal Sun Alert & FAB Admin Info 29-Oct-2008, david m: draft created, send for Security review 15-Nov-2008, david m: review completed, signoff by Security, send to publish ReferencesSUNPATCH:136927-05SUNPATCH:136928-05 SUNPATCH:136929-05 SUNPATCH:136930-05 SUNPATCH:136931-05 SUNPATCH:136932-04 SUNPATCH:136933-06 SUNPATCH:136934-03 SUNPATCH:136936-07 Attachments This solution has no attachment |
||||||||||||
|