A Security Vulnerability in the Sun System Firmware on Certain SPARC Systems May Allow Unauthorized Data Access

Asset ID:	1-77-1019731.1
Update Date:	2012-07-19
Keywords:

Solution Type Sun Alert Sure

Solution 1019731.1 : A Security Vulnerability in the Sun System Firmware on Certain SPARC Systems May Allow Unauthorized Data Access

Related Items


Sun Blade T6300 Server Module
 Sun Netra CP3060 ATCA Blade Server
 Sun Fire T2000 Server
 Sun SPARC Enterprise T5220 Server
 Sun Fire T1000 Server
 Sun SPARC Enterprise T5140 Server
 Sun SPARC Enterprise T5120 Server
 Sun Netra T2000 Server

Related Categories


PLA-Support>Sun Systems>Sun_Other>Sun Collections>SN-OTH: Sun Alert
 .Old GCS Categories>Sun Microsystems>Sun Alert>Criteria Category>Security
 .Old GCS Categories>Sun Microsystems>Sun Alert>Release Phase>Resolved

PreviouslyPublishedAs
244826

Bug Id
SUNBUG: 6721010

Product
Sun SPARC Enterprise T5120 Server
Sun SPARC Enterprise T5140 Server
Sun SPARC Enterprise T5220 Server
Sun Fire T1000 Server
Sun Fire T2000 Server
Sun Netra T2000 Server
Sun Netra CP3060 ATCA Blade Server
Sun Blade T6300 Server Module

Date of Resolved Release
05-Nov-2008

***Checked for relevance on 19-Jul-2012***

1. Impact

A security vulnerability in the firmware for certain Sun SPARC Systems using the Sun UltraSPARC T1, UltraSPARC T2, and UltraSPARC T2+ processors may allow unauthorized data access, where local privileged users in one Logical Domain (ldm(1M)) may be able to gain access to memory in another logical domain.

2. Contributing Factors

This issue can occur on the following platforms (when running multiple domains):

Sun SPARC Enterprise T5140/T5240 running Sun System Firmware 7.1.3.d or 7.1.3.e
Sun Netra T5220 running Sun System Firmware 7.1.3
Sun SPARC Enterprise T5120/T5220 running Sun System Firmware 7.1.3.d or 7.1.3.e
Sun Blade T6320 running Sun System Firmware 7.1.3.d or 7.1.3.e
Sun Fire / SPARC Enterprise T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
Sun Fire / SPARC Enterprise T1000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
Sun Netra T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
Sun Netra CP3060 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
Sun Blade T6300 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5

Note 1: No other Sun systems are affected by this issue.

Note 2: This issue can only occur on systems (listed above) running multiple domains.

Note 3: To determine the Sun System Firmware version installed on a system, you can query from the Service Processor command line interface with the following commands:

ILOM CLI: "show /HOST" (SysFW 7.x only)
ALOM CLI: "showhost" (SysFW 7.x and 6.x)

Example 1: (look for "Sun System Firmware" version information underneath the "Properties" section)

-> show /HOST
/HOST
Targets:
.
.
Properties:
.
.
sysfw_version =  Sun System Firmware 7.1.6.d 2008/09/15 17:11

Example 2:

sc> showhost
Sun System Firmware 7.1.6.d 2008/09/15 17:11

Host flash versions:
Hypervisor 1.6.7.a 2008/08/30 05:18
OBP 4.29.0.a 2008/09/15 12:01
POST 4.29.0.a 2008/09/15 12:27
sc>

Note 4: To determine if the system is running multiple domains, and is therefore potentially vulnerable, the LDoms Manager package (SUNWldm(1M)) includes a command to list the domains:

Example 1: This is a single-domained system:

# /opt/SUNWldm/bin/ldm list
NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
primary          active     -n-c--  SP      64    65408M    11%  57m

Example 2: This is a multi-domained system with the 2nd domain active.

# /opt/SUNWldm/bin/ldm list
NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
primary          active     -n-cv-  SP      32    2G       1.0%  8m
foo              active     -t----  5000    16    2G       6.2%  0s

Example 3: This is a multi-domained system with the 2nd domain quiesced:

# /opt/SUNWldm/bin/ldm list
NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
primary          active     -n-cv-  SP      32    2G        57%  11m
foo              inactive   ------          16    2G

3. Symptoms

There are no predictable symptoms to indicate this issue has been exploited to gain unauthorized data access to the system.

4. Workaround

To work around the described issue until the resolution patches can be applied, restrict privileged access only to trusted users.

5. Resolution

This issue is addressed for these platforms in the following releases:

Sun SPARC Enterprise T5140/T5240 Sun System Firmware 7.1.6 (as delivered in patch 136936-07 or later)
Sun Netra T5220 Sun System Firmware 7.1.4.a (as delivered in patch 136934-03 or later)
Sun SPARC Enterprise T5120/T5220 Sun System Firmware 7.1.6 (as delivered in patch 136932-04 or later)
Sun Blade T6320 Sun System Firmware 7.1.6 (as delivered in patch 136933-06 or later)
Sun Fire / SPARC Enterprise T2000 Sun System Firmware 6.6.7 (as delivered in patch 136927-05 or later)
Sun Fire / SPARC Enterprise T1000 Sun System Firmware 6.6.7 (as delivered in patch 136928-05 or later)
Sun Netra T2000 Sun System Firmware 6.6.7 (as delivered in patch 136929-05 or later)
Sun Netra CP3060 Sun System Firmware 6.6.7 (as delivered in patch 136930-05 or later)
Sun Blade T6300 Sun System Firmware 6.6.7 (as delivered in patch 136931-05 or later)

For more information on Security Sun Alerts, see <Document: 1009886.1>.

Modification History
19-Jul-2012: Maintenance update, checked for relevance

References

SUNPATCH:13692705
SUNPATCH:13692805
SUNPATCH:13692905
SUNPATCH:13693005
SUNPATCH:13693105
SUNPATCH:13693204
SUNPATCH:13693403
SUNPATCH:13693306
SUNPATCH:13693607

Attachments

This solution has no attachment