Security Vulnerabilities in Early Versions of Sun SPARC Enterprise M4000/M5000/M8000/M9000 XSCF Control Package (XCP) firmware may Result in a Denial of Service (DoS) Condition |
|
| Category : | Security |
| Release Phase : | Resolved |
| Product : | Sun SPARC Enterprise M9000 Server
Sun SPARC Enterprise M8000 Server
Sun SPARC Enterprise M4000 Server
Sun SPARC Enterprise M5000 Server
|
| Bug Id : | 6574635, 6546970, 6548161
|
| Date of Resolved Release : | 04-DEC-2007
|
Security vulnerabilities with telnet(1), Secure Shell (SSH), and httpd in the Sun SPARC Enterprise M4000/M5000/M8000/M9000 XSCF Control Package (XCP) firmware versions prior to 1050 may allow a remote unprivileged user to cause a Denial of Service (DoS).
Contributing Factors
This issue can occur on the following platforms:
- SPARC Enterprise M4000/M5000/M8000/M9000 servers with XSCF Control Package (XCP) firmware versions prior to 1050.
To determine the version of XCP firmware installed on a system, the following command can be used at the XSCF> prompt:
XSCF> version -c xcp
XSCF#0 (Active )
XCP0 (Current): 1050
XCP1 (Reserve): 1050
XSCF>
If the value under "Current" is less than 1050, the system may be vulnerable to this issue.
Symptoms
If the described issue occurs, the eXtended System Control Facility (XSCF) response may degrade and the XSCF will reboot whenever an "Out of Memory" condition occurs. Issues connecting to the XSCF may also be experienced.
Workaround
There is no workaround. Please see the Resolution section below.
Resolution
This issue is addressed in the following releases:
- XCP version 1050 or later
XCP 1050 packages are available from the Sun Download Center at:
AttachmentsThis solution has no attachment
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Sun Contracted Content
Sun Contracted Feature
