Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-77-1018965.1
Update Date:2012-07-26
Keywords:
Solution Type  Sun Alert Sure

Solution  1018965.1 :   Some Sun SPARC Enterprise T5120 and T5220 Servers Shipped With an Incorrect Solaris 10 Image Containing an Insecure Configuration  

Related Items 
    

  • Sun SPARC Enterprise T5220 Server
    •  
  • Sun SPARC Enterprise T5120 Server
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>Sun_Other>Sun Collections>SN-OTH: Sun Alert
    •  
  • .Old GCS Categories>Sun Microsystems>Sun Alert>Release Phase>Resolved
    •  

PreviouslyPublishedAs
231244 


Product
Sun SPARC Enterprise T5120 Server

Sun SPARC Enterprise T5220 Server

Date of Resolved Release
12-Feb-2008


***Checked for relevance on 26-Jul-2012***



1. Impact

Sun SPARC Enterprise T5120 and T5220 servers with datecode prior
to BEL07480000 have
been mistakenly shipped with factory settings in the pre-installed
Solaris 10 OS image. These settings may allow a local or remote user to
be able to execute arbitrary commands with the privileges of the root
(uid 0) user. 



(To determine if your systems are affected by this issue please look
for the
changed parameters and extra files listed in the Contributing Factors
section below).


2. Contributing Factors

This issue can occur on the following platforms:


    

  • Sun SPARC Enterprise T5120 and T5220 Servers with datecode
prior to BEL07480000
    • 


Note: Systems are only impacted
by this issue if they have an incorrect factory image installed. 



To determine the datecode on the T5120 or T5220, use either
"Lights Out Management" (LOM) or prtdiag(1M) commands:



    ILOM CLI:  > show /SYS/ 

    ALOM CLI:  sc> showplatform

    prtdiag -v


To determine if an incorrect factory image of Solaris 10 has been
installed on a system and if the system is affected by this issue, the following items can be reviewed:



A. Remote logins are
enabled for the root user which is indicated by the CONSOLE entry in
/etc/default/login beginning with a hash sign (#):


    $ grep CONSOLE= /etc/default/login
    #CONSOLE=/dev/console

B. The sshd(1M) daemon is configured to allow the root user to login
using ssh(1) which is indicated by the 'PermitRootLogin' entry in
sshd_config(4) being set to 'yes':


    $ grep PermitRootLogin /etc/ssh/sshd_config
    PermitRootLogin yes

C. A profile(4) file for
the root user will exist and have the 'PS1' environment variable set to a
value of 'ROOT>' and the 'LOGDIR' environment variable will be
set to '/export/home/utslog':


    $ egrep 'PS1|LOGDIR' /.profile
    PS1='ROOT>'
    LOGDIR='/export/home/utslog'
    export LOGDIR

D.  Extra files and directories will exist on the system which are
not part of a default
install of Solaris 10: 



    Files:


   /var/opt/SUNWvts/options/Huron_P2_PPA_VTS_6.4ps1_Excl_v1.1
   /etc/opt/SUNWvts/sunvts.conf
   /opt/SUNWvts/bin/conf/iobus.cfg
   /export/home/bin/Huron_P2_PPA_VTS_6.4ps1_Func_v1.2
   /export/home/bin/Huron_P2_PPA_VTS_6.4ps1_Excl_v1.1


    Directories:


   /opt/SUNWt1tsk
   /export/Nebula


3. Symptoms

There are no predictable symptoms that would indicate the described
issue has been exploited.


4. Workaround

Systems which are affected by this issue can modify the factory settings to no longer be
insecure by performing the following steps as the root user:



For item A, modify the CONSOLE entry in the /etc/default/login file to no longer begin with a hash
(#).



For item B, modify the PermitRootLogin entry in the
/etc/sshd/sshd_config file from 'yes' to 'no' and then signal the
sshd(1M) daemon to reread its configuration file using svcadm(1M):


    # svcadm restart svc:/network/ssh:default

For item C, the following lines can be removed from the /.profile file:


    PS1='ROOT>'
    LOGDIR='/export/home/utslog'
    export LOGDIR

For item D, the following files and directories can be removed using
the rm(1) command:


    # /bin/rm /var/opt/SUNWvts/options/Huron_P2_PPA_VTS_6.4ps1_Excl_v1.1 /etc/opt/SUNWvts/sunvts.conf /opt/SUNWvts/bin/conf/iobus.cfg \
    /export/home/bin/Huron_P2_PPA_VTS_6.4ps1_Func_v1.2 /export/home/bin/Huron_P2_PPA_VTS_6.4ps1_Excl_v1.1

    # /bin/rm -f /opt/SUNWt1tsk /export/Nebula


5. Resolution

Sun SPARC Enterprise T5120 and T5220 servers with datecode BEL07480000 and later ship
with the correct Solaris 10 image. The resolution for systems affected
by this issue are to follow the steps outlined in the "Workaround"
section above.



Modification History:

12-Feb-2008: Document released

26-Jul-2012: Maintenance check for relevance/currency, no change in content




Attachments

This solution has no attachment


















       

Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.

 Feedback