Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
Solution Type: Sun Alert Sure Solution

1000524.1 : Sun Fire X2100/X2200 M2 Servers ELOM Software is Vulnerable to Arbitrary Command Execution
PreviouslyPublishedAs: 200667
Product:
Sun Fire X2100 M2 Server
Sun Fire X2200 M2 Server
Bug Id: SUNBUG: 6502439
Date of Resolved Release: 29-OCT-2007
***Checked for relevance on 12-Jul-2012***

Impact
A security vulnerability in the X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) software may allow remote unprivileged users to execute arbitrary commands with root privileges on the embedded Service Processor (SP).

Contributing Factors
This issue can occur on the following platforms:
x86 Platform
Notes:
To determine the firmware version of the SP, the ipmitool(1M) utility can be run as in the following example:

    $ ipmitool -H <hostname> -U <username> mc info

or the following command can be used at the CLI (logged in to the SP):

    /SP -> show /SP/AgentInfo

Symptoms
There are no reliable symptoms that would indicate this issue has been exploited.

Workaround
To prevent this issue from occurring, administrators can restrict access to the SP by either connecting only via the serial port or by connecting the Net Mgmt RJ-45 Ethernet port to a private management network. Additional information regarding management of the Sun Fire X2100/X2200 M2 Servers, ELOM, and ipmitool(1M) can be found in the "Embedded Lights Out Manager Administration Guide".

Resolution
This issue is addressed on the following platforms:
http://www.oracle.com/technetwork/indexes/downloads/sun-az-index-095901.html

Modification History:
Checked for relevance on 12-Jul-2012

Previously Published As: 103127

Internal Comments
Internal Contributor/submitter: [email protected]
Internal Eng Business Unit Group: NSG (Network Systems Group)
Internal Eng Responsible Engineer: [email protected]
Internal Services Knowledge Engineer: [email protected]
questions regarding this document should be addressed to [email protected]
Internal Escalation ID: 1-20761745
Internal Sun Alert Kasp Legacy ID: 103127

Attachments
This solution has no attachment
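
The SP firmware check described under Notes, written as a small audit helper (an added example, not part of the original Sun Alert): it parses the `Firmware Revision` line printed by `ipmitool mc info` and compares it with a minimum revision. The sample output, the function names and the threshold `2.0` are constructed for illustration; substitute the fixed firmware revision for your platform.

```shell
#!/bin/sh
# Added example: classify an SP from `ipmitool mc info` output.
# Constructed sample output (not captured from a real SP).
SAMPLE_MC_INFO='Device ID                 : 32
Device Revision           : 1
Firmware Revision         : 1.26
IPMI Version              : 2.0'

# Print the value of the "Firmware Revision" line read from stdin.
sp_fw_revision() {
    awk -F: '/^Firmware Revision/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# classify_sp MIN_REV: read mc info output on stdin and print one of
# "needs-update <rev>", "ok <rev>" or "unknown" (no parsable revision,
# for example when ipmitool failed to authenticate and printed nothing).
classify_sp() {
    rev=$(sp_fw_revision)
    case $rev in
        ''|*[!0-9.]*) echo "unknown" ;;
        *) if version_lt "$rev" "$1"; then echo "needs-update $rev"
           else echo "ok $rev"; fi ;;
    esac
}

# Against a live SP (command from the alert), with MIN_REV set by you:
#   ipmitool -H <hostname> -U <username> mc info | classify_sp "$MIN_REV"
# 2.0 below is a constructed threshold, not the fixed release.
printf '%s\n' "$SAMPLE_MC_INFO" | classify_sp 2.0
```

Treat an `unknown` result as unverified rather than patched, and keep such SPs on the private management network until the revision is confirmed.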