Note: This is an archival copy of Security Sun Alert 200971 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000732.1.
Date of Resolved Release
A local or remote unprivileged user may be able to gain unauthorized access to a limited number of Sun StorEdge 6130 arrays (SE6130). With this access, the user could delete data on the array.
This issue can occur on the following platform:
The Sun StorEdge Configuration Service (SSCS) commands can be used to determine the serial number of a Sun StorEdge 6130 array as shown in the example below:
1. Login to SSCS using the sscs(1M) comand line utility:
% /opt/se6x20/cli/bin/sscs login -h <management_host_name> -u <user>
2. To list the array(s) managed by this management host:
% /opt/se6x20/cli/bin/sscs list array Array: SE6130-1 Array: SE6130-2 Array: SE6130-3
3. To list the details (including the serial number) of each array:
% /opt/se6x20/cli/bin/sscs list array <array_name> Array: Serial Number: SUN.54062390100.0428AWF006 Firmware Version: 06.12.03.10 Array WWN: 60:0A:0B:80:00:16:AB:12:00:00:00:00:41:23:4B:E2 Node WWN: 20:04:00:A0:B8:16:AB:12 Default Host Type: Solaris (with Traffic Manager) Default Cache Block Size: 16384 Default Cache Start %: 80 Default Cache Stop %: 80 Disk Scrubbing: 30 days Failover Alert Delay: 5 minutes Hot Spare Pool Disks: 1 Health OK Tray ID: 1 Host: host 1 Pool: Pool 1-1 Pool: Pool 2 Pool: Pool 3 Pool: Pool 1 Pool: Default %
4. Logout of SSCS
% /opt/se6x20/cli/bin/sscs logout
There are no predictable symptoms that would indicate the described issue has been exploited.
There is no workaround. Please see the "Resolution" section below.
Customers with an array that falls within the serial number range defined above should contact their Sun authorized service provider and reference this Sun Alert to obtain a utility which will resolve this issue.
Sun StorageTek 6130 Array
This solution has no attachment