Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition | |||
|
|
Solution Type Sun Alert Sure Solution 1018965.1 : Some Sun SPARC Enterprise T5120 and T5220 Servers Shipped With an Incorrect Solaris 10 Image Containing an Insecure Configuration
PreviouslyPublishedAs 231244 Bug Id None Product Sun SPARC Enterprise T5120 Server Sun SPARC Enterprise T5220 Server Date of Resolved Release 12-Feb-2008 Some Sun SPARC Enterprise T5120 and T5220 Servers Shipped With an Incorrect Solaris 10 Image Containing an Insecure Configuration 1. ImpactSun SPARC Enterprise T5120 and T5220 servers with datecode prior to BEL07480000 have been mistakenly shipped with factory settings in the pre-installed Solaris 10 OS image. These settings may allow a local or remote user to be able to execute arbitrary commands with the privileges of the root (uid 0) user.(To determine if your systems are affected by this issue please look for the changed parameters and extra files listed in the Contributing Factors section below). 2. Contributing FactorsThis issue can occur on the following platforms:
To determine the datecode on the T5120 or T5220, use either "Lights Out Management" (LOM) or prtdiag(1M) commands: ILOM CLI: > show /SYS/ ALOM CLI: sc> showplatform prtdiag -v To determine if an incorrect factory image of Solaris 10 has been installed on a system and if the system is affected by this issue, the following items can be reviewed: A. Remote logins are enabled for the root user which is indicated by the CONSOLE entry in /etc/default/login beginning with a hash sign (#): $ grep CONSOLE= /etc/default/loginB. The sshd(1M) daemon is configured to allow the root user to login using ssh(1) which is indicated by the 'PermitRootLogin' entry in sshd_config(4) being set to 'yes': $ grep PermitRootLogin /etc/ssh/sshd_configC. A profile(4) file for the root user will exist and have the 'PS1' environment variable set to a value of 'ROOT>' and the 'LOGDIR' environment variable will be set to '/export/home/utslog': $ egrep 'PS1|LOGDIR' /.profileD. Extra files and directories will exist on the system which are not part of a default install of Solaris 10: Files: /var/opt/SUNWvts/options/Huron_P2_PPA_VTS_6.4ps1_Excl_v1.1Directories: /opt/SUNWt1tsk 3. SymptomsThere are no predictable symptoms that would indicate the described issue has been exploited.4. WorkaroundSystems which are affected by this issue can modify the factory settings to no longer be insecure by performing the following steps as the root user:For item A, modify the CONSOLE entry in the /etc/default/login file to no longer begin with a hash (#). For item B, modify the PermitRootLogin entry in the /etc/sshd/sshd_config file from 'yes' to 'no' and then signal the sshd(1M) daemon to reread its configuration file using svcadm(1M): # svcadm restart svc:/network/ssh:defaultFor item C, the following lines can be removed from the /.profile file: PS1='ROOT>'For item D, the following files and directories can be removed using the rm(1) command: # /bin/rm /var/opt/SUNWvts/options/Huron_P2_PPA_VTS_6.4ps1_Excl_v1.1 /etc/opt/SUNWvts/sunvts.conf /opt/SUNWvts/bin/conf/iobus.cfg \ 5. ResolutionSun SPARC Enterprise T5120 and T5220 servers with datecode BEL07480000 and later ship with the correct Solaris 10 image. The resolution for systems affected by this issue are to follow the steps outlined in the "Workaround" section above.This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Internal Comments Please send technical questions to the following email: [email protected] and CC the following persons: Internal Contributor/Submitter Internal Eng Responsible Engineer Internal Services Knowledge Engineer Internal Contributor/submitter [email protected] Internal Eng Responsible Engineer [email protected] Internal Services Knowledge Engineer [email protected] Internal Eng Business Unit Group SSG ES (Enterprise Systems) Internal Sun Alert & FAB Admin Info WF 12-Feb-2008, david m: signoff OK by Security, send to publish WF 01-FEB-2008, David M: draft created, sent for 24hr review Attachments This solution has no attachment |
||||||||||||
|