Sun Storage 6130 Array
 

GCS>Sun Microsystems>Sun Alert>Criteria Category>Security
 
GCS>Sun Microsystems>Sun Alert>Release Phase>Resolved
 

A local or remote unprivileged user may be able to gain unauthorized access to a limited number of Sun StorEdge 6130 arrays (SE6130). With this access, the user could delete data on the array.

This issue can occur on the following platform:

• Sun StorEdge 6130 arrays with a serial number in the range of 0451AWF00G - 0513AWF00J

Notes:

1. The described issue only affects Controller Arrays. Expansion trays are not affected.
2. SE6130 Controller Arrays with serial numbers outside the range above are not impacted by this issue.

The Sun StorEdge Configuration Service (SSCS) commands can be used to determine the serial number of a Sun StorEdge 6130 array as shown in the example below:

1. Login to SSCS using the sscs(1M) comand line utility:

    % /opt/se6x20/cli/bin/sscs login -h <management_host_name> -u <user>

2. To list the array(s) managed by this management host:

    % /opt/se6x20/cli/bin/sscs list array
Array: SE6130-1
Array: SE6130-2
Array: SE6130-3

3. To list the details (including the serial number) of each array:

    % /opt/se6x20/cli/bin/sscs list array <array_name>
Array:
Serial Number:             SUN.54062390100.0428AWF006
Firmware Version:          06.12.03.10
Array WWN:                 60:0A:0B:80:00:16:AB:12:00:00:00:00:41:23:4B:E2
Node WWN:                  20:04:00:A0:B8:16:AB:12
Default Host Type:         Solaris (with Traffic Manager)
Default Cache Block Size:  16384
Default Cache Start %:     80
Default Cache Stop %:      80
Disk Scrubbing:            30 days
Failover Alert Delay:      5 minutes
Hot Spare Pool Disks:      1
Health                     OK
Tray ID:                   1
Host:                      host 1
Pool:                      Pool 1-1
Pool:                      Pool 2
Pool:                      Pool 3
Pool:                      Pool 1
Pool:                      Default
%

4. Logout of SSCS

    % /opt/se6x20/cli/bin/sscs logout

There are no predictable symptoms that would indicate the described issue has been exploited.

There is no workaround. Please see the "Resolution" section below.

Customers with an array that falls within the serial number range defined above should contact their Sun authorized service provider and reference this Sun Alert to obtain a utility which will resolve this issue.

The following recommendation is provided as a guideline for authorized Sun Services Field Representatives who may encounter the above mentioned issue. This issue can be resolved by downloading and running the utility described below on each affected array.

Note: This utility may be provided to customers so that they can resolve the issue themselves.

1. Download the "SE6130_6244556" utility from:

• 
  http://pts-storage.west/products/SE6130/6244556/6244556_fix.tar.Z
  

2. Copy "6244556_fix.tar.Z" into "/var/tmp" on the StorEdge 6130 Management Host:

    # cp 6244556_fix.tar.Z /var/tmp

3. Extract the contents of "6244556_fix.tar.Z":

    # zcat 6244556_fix.tar.Z | tar xvf -

4. Make the utility executable:

    # chmod 755 SE6130_6244556

Complete instructions for running the utility are included in the README file.

Note: Successful implementation for every fixed array should be communicated back to the product team by sending an Email to [email protected].

See details in the README.

This solution has no attachment