Note: This is an archival copy of Security Sun Alert 200620 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000482.1.
Sun Fire X2100 M2 Server
Sun Fire X2200 M2 Server
Date of Resolved Release
A security vulnerability in the Sun Fire X2100M2 and Sun Fire X2200M2 implementation of IPMI may allow an unprivileged ipmitool(1m) user to gain unauthorized administrative privileges and then be able to reset or power off a local or remote Sun Fire X2100M2 or Sun Fire X2200M2 server.
This issue can occur on the following platforms:
To determine the current firmware revision on the system, the following command can be run:
# ipmitool -H <ipaddress> -U <username> -P <password> mc info Device ID : 5 Device Revision : 0 Firmware Revision : 2.91 IPMI Version : 2.0 Manufacturer ID : 7244 Manufacturer Name : Unknown (0x1c4c) Product ID : 21305 (0x5339) Device Available : yes Provides Device SDRs : yes
There are no predictable symptoms that would indicate the described vulnerability has been exploited.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed on the following platforms:
This solution has no attachment