A Security Vulnerability in the Sun System Firmware on Certain SPARC Systems May Allow Unauthorized Data Access

Asset ID:	1-77-1019731.1
Update Date:	2011-02-17
Keywords:

Solution Type Sun Alert Sure

Solution 1019731.1 : A Security Vulnerability in the Sun System Firmware on Certain SPARC Systems May Allow Unauthorized Data Access

Related Items


Sun Blade T6300 Server Module
 Sun Netra CP3060 ATCA Blade Server
 Sun Fire T2000 Server
 Sun SPARC Enterprise T5220 Server
 Sun Fire T1000 Server
 Sun SPARC Enterprise T5140 Server
 Sun Netra T2000 Server
 Sun SPARC Enterprise T5120 Server

Related Categories


GCS>Sun Microsystems>Sun Alert>Criteria Category>Security
 GCS>Sun Microsystems>Sun Alert>Release Phase>Resolved

PreviouslyPublishedAs
244826

Bug Id
<SUNBUG: 6721010>

Product
Sun SPARC Enterprise T5120 Server
Sun SPARC Enterprise T5140 Server
Sun SPARC Enterprise T5220 Server
Sun Fire T1000 Server
Sun Fire T2000 Server
Sun Netra T2000 Server
Sun Netra CP3060 ATCA Blade Server
Sun Blade T6300 Server Module

Date of Resolved Release
05-Nov-2008

A Security Vulnerability in the Sun System Firmware on Certain SPARC Systems May Allow Unauthorized Data Access

1. Impact

A security vulnerability in the firmware for certain Sun SPARC Systems using the Sun UltraSPARC T1, UltraSPARC T2, and UltraSPARC T2+ processors may allow unauthorized data access, where local privileged users in one Logical Domain (ldm(1M)) may be able to gain access to memory in another logical domain.

2. Contributing Factors

This issue can occur on the following platforms (when running multiple domains):

Sun SPARC Enterprise T5140/T5240 running Sun System Firmware 7.1.3.d or 7.1.3.e
Sun Netra T5220 running Sun System Firmware 7.1.3
Sun SPARC Enterprise T5120/T5220 running Sun System Firmware 7.1.3.d or 7.1.3.e
Sun Blade T6320 running Sun System Firmware 7.1.3.d or 7.1.3.e
Sun Fire / SPARC Enterprise T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
Sun Fire / SPARC Enterprise T1000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
Sun Netra T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
Sun Netra CP3060 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
Sun Blade T6300 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5

Note 1: No other Sun systems are affected by this issue.

Note 2: This issue can only occur on systems (listed above) running multiple domains.

Note 3: To determine the Sun System Firmware version installed on a system, you can query from the Service Processor command line interface with the following commands:

ILOM CLI: "show /HOST" (SysFW 7.x only)
ALOM CLI: "showhost" (SysFW 7.x and 6.x)

Example 1: (look for "Sun System Firmware" version information underneath the "Properties" section)

-> show /HOST
/HOST
Targets:
.
.
Properties:
.
.
sysfw_version =  Sun System Firmware 7.1.6.d 2008/09/15 17:11

Example 2:

sc> showhost
Sun System Firmware 7.1.6.d 2008/09/15 17:11

Host flash versions:
Hypervisor 1.6.7.a 2008/08/30 05:18
OBP 4.29.0.a 2008/09/15 12:01
POST 4.29.0.a 2008/09/15 12:27
sc>

Note 4: To determine if the system is running multiple domains, and is therefore potentially vulnerable, the LDoms Manager package (SUNWldm(1M)) includes a command to list the domains:

Example 1: This is a single-domained system:

# /opt/SUNWldm/bin/ldm list
NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
primary          active     -n-c--  SP      64    65408M    11%  57m

Example 2: This is a multi-domained system with the 2nd domain active.

# /opt/SUNWldm/bin/ldm list
NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
primary          active     -n-cv-  SP      32    2G       1.0%  8m
foo              active     -t----  5000    16    2G       6.2%  0s

Example 3: This is a multi-domained system with the 2nd domain quiesced:

# /opt/SUNWldm/bin/ldm list
NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
primary          active     -n-cv-  SP      32    2G        57%  11m
foo              inactive   ------          16    2G

3. Symptoms

There are no predictable symptoms to indicate this issue has been exploited to gain unauthorized data access to the system.

4. Workaround

To work around the described issue until the resolution patches can be applied, restrict privileged access only to trusted users.

5. Resolution

This issue is addressed for these platforms in the following releases:

Sun SPARC Enterprise T5140/T5240 Sun System Firmware 7.1.6 (as delivered in patch 136936-07 or later)
Sun Netra T5220 Sun System Firmware 7.1.4.a (as delivered in patch 136934-03 or later)
Sun SPARC Enterprise T5120/T5220 Sun System Firmware 7.1.6 (as delivered in patch 136932-04 or later)
Sun Blade T6320 Sun System Firmware 7.1.6 (as delivered in patch 136933-06 or later)
Sun Fire / SPARC Enterprise T2000 Sun System Firmware 6.6.7 (as delivered in patch 136927-05 or later)
Sun Fire / SPARC Enterprise T1000 Sun System Firmware 6.6.7 (as delivered in patch 136928-05 or later)
Sun Netra T2000 Sun System Firmware 6.6.7 (as delivered in patch 136929-05 or later)
Sun Netra CP3060 Sun System Firmware 6.6.7 (as delivered in patch 136930-05 or later)
Sun Blade T6300 Sun System Firmware 6.6.7 (as delivered in patch 136931-05 or later)

For more information on Security Sun Alerts, see <Document: 1009886.1>.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

References

<SUNPATCH: 136932-04>
<SUNPATCH: 136933-06>
<SUNPATCH: 136934-03>
<SUNPATCH: 136936-07>
<SUNPATCH: 136927-05>
<SUNPATCH: 136928-05>
<SUNPATCH: 136929-05>
<SUNPATCH: 136930-05>
<SUNPATCH: 136931-05>

Internal Comments
Please send technical questions to the following email:
[email protected]
and CC the following persons:
Internal Contributor/Submitter
Internal Eng Responsible Engineer
Internal Services Knowledge Engineer

Internal Contributor/submitter
[email protected]

Internal Eng Responsible Engineer
[email protected]

Internal Services Knowledge Engineer
[email protected]

Internal Eng Business Unit Group
Systems Group - SVS (SPARC Volume Systems, Horizontal Systems, T1000/T2000 and Ontario), Systems Group - Netra Systems and Networking

Internal Resolution Patches
136932-04, 136933-06, 136934-03, 136936-07, 136927-05, 136928-05, 136929-05, 136930-05, 136931-05

Internal Sun Alert & FAB Admin Info
29-Oct-2008, david m: draft created, send for Security review
15-Nov-2008, david m: review completed, signoff by Security, send to publish

References

SUNPATCH:136927-05
SUNPATCH:136928-05
SUNPATCH:136929-05
SUNPATCH:136930-05
SUNPATCH:136931-05
SUNPATCH:136932-04
SUNPATCH:136933-06
SUNPATCH:136934-03
SUNPATCH:136936-07

Attachments

This solution has no attachment