Note: This is an archival copy of Security Sun Alert 200364 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000257.1.
Article ID : 1000257.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols

Category
Security

Release Phase
Resolved

Bug Id
4959521

Date of Workaround Release
16-JAN-2004

Date of Resolved Release
15-MAR-2004

Impact

On systems running Sun Cluster 3.x with SunPlex Manager configured, a remote unprivileged user (who has obtained "root" privileges) may cause a Denial of Service (DoS) and arbitrary code execution due to multiple vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

This issue is also described in CERT Vulnerability VU#104280 at http://www.kb.cert.org/vuls/id/104280, which is referenced in CERT Advisory CA-2003-26 at http://www.cert.org/advisories/CA-2003-26.html. Also see the NISCC Vulnerability Advisory 006489/TLS at http://www.uniras.gov.uk/vuls/2003/006489/tls.htm.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Sun Cluster 3.0 (for Solaris 8) with SunPlex Manager configured, without patch 113505-02
  • Sun Cluster 3.0 (for Solaris 9) with SunPlex Manager configured, without patch 113508-02
  • Sun Cluster 3.1 (for Solaris 8) with SunPlex Manager configured, without patch 115054-01
  • Sun Cluster 3.1 (for Solaris 9) with SunPlex Manager configured, without patch 115055-01

Notes:

  1. Sun Cluster 3.x is not supported on Solaris 7 or Solaris x86 platforms.
  2. Sun Cluster 2.x is not affected by this issue.
  3. Sun Cluster component SunPlex Manager uses OpenSSL.

To determine if SunPlex Manager is configured and running on a cluster node, run the following command: 

    $ /usr/bin/ps -fp `/usr/bin/cat /var/cluster/spm/httpd.pid`

If the output is similar to the following: 

    UID   PID   PPID   C   STIME TTY  TIME  CMD
root  2907     1   0   Nov 19 ?   0:02  /usr/apache/bin/httpd -DSSL -f /opt/SUNWscvw/conf/httpd.conf

then SunPlex Manager is running on this cluster node. If the above command returns no process information or an error, SunPlex Manager is not running on this cluster node.


Symptoms

There are no predictable symptoms that would indicate the above described issue has been exploited.


Workaround

To work around the described issue, systems can be protected by completely stopping the SunPlex Manager by running the following command: 

    $ /etc/init.d/initspm stop

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Sun Cluster 3.0 (for Solaris 8) with patch 113505-02 or later
  • Sun Cluster 3.0 (for Solaris 9) with patch 113508-02 or later
  • Sun Cluster 3.1 (for Solaris 8) with patch 115054-01 or later
  • Sun Cluster 3.1 (for Solaris 9) with patch 115055-01 or later


Modification History
Date: 09-FEB-2004
  • Updated Contributing Factors and Relief/Workaround sections to add T-Patch information

Date: 23-FEB-2004
  • Updated Contributing Factors and Resolution sections

Date: 15-MAR-2004
  • Updated Contributing Factors and Resolution sections
  • Re-release as Resolved


Product
Sun Cluster 3.1


References

113505-02
113508-02
115054-01
115055-01





Attachments
This solution has no attachment