Note: This is an archival copy of Security Sun Alert 200971 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000732.1.
Article ID : 1000732.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Limited Number of Sun StorEdge 6130 Arrays May be Vulnerable to Unauthorized Access

Category
Security

Release Phase
Resolved

Bug Id
6244556

Date of Resolved Release
05-MAY-2005

Impact

A local or remote unprivileged user may be able to gain unauthorized access to a limited number of Sun StorEdge 6130 arrays (SE6130). With this access, the user could delete data on the array.


Contributing Factors

This issue can occur on the following platform:

  • Sun StorEdge 6130 arrays with a serial number in the range of 0451AWF00G - 0513AWF00J

Notes:

  1. The described issue only affects Controller Arrays. Expansion trays are not affected.
  2. SE6130 Controller Arrays with serial numbers outside the range above are not impacted by this issue.

The Sun StorEdge Configuration Service (SSCS) commands can be used to determine the serial number of a Sun StorEdge 6130 array as shown in the example below:

1. Login to SSCS using the sscs(1M) comand line utility: 

    % /opt/se6x20/cli/bin/sscs login -h <management_host_name> -u <user>

2. To list the array(s) managed by this management host: 

    % /opt/se6x20/cli/bin/sscs list array
Array: SE6130-1
Array: SE6130-2
Array: SE6130-3

3. To list the details (including the serial number) of each array: 

    % /opt/se6x20/cli/bin/sscs list array <array_name>
Array:
Serial Number:             SUN.54062390100.0428AWF006
Firmware Version:          06.12.03.10
Array WWN:                 60:0A:0B:80:00:16:AB:12:00:00:00:00:41:23:4B:E2
Node WWN:                  20:04:00:A0:B8:16:AB:12
Default Host Type:         Solaris (with Traffic Manager)
Default Cache Block Size:  16384
Default Cache Start %:     80
Default Cache Stop %:      80
Disk Scrubbing:            30 days
Failover Alert Delay:      5 minutes
Hot Spare Pool Disks:      1
Health                     OK
Tray ID:                   1
Host:                      host 1
Pool:                      Pool 1-1
Pool:                      Pool 2
Pool:                      Pool 3
Pool:                      Pool 1
Pool:                      Default
%

4. Logout of SSCS 

    % /opt/se6x20/cli/bin/sscs logout

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

Customers with an array that falls within the serial number range defined above should contact their Sun authorized service provider and reference this Sun Alert to obtain a utility which will resolve this issue.



Modification History

Product
Sun StorageTek 6130 Array














































Attachments
This solution has no attachment