Note: This is an archival copy of Security Sun Alert 201333 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001007.1.
Sun SPARC Enterprise M9000 Server
Sun SPARC Enterprise M8000 Server
Sun SPARC Enterprise M4000 Server
Sun SPARC Enterprise M5000 Server
6574635, 6546970, 6548161
Date of Resolved Release
Security vulnerabilities with telnet(1), Secure Shell (SSH), and httpd in the Sun SPARC Enterprise M4000/M5000/M8000/M9000 XSCF Control Package (XCP) firmware versions prior to 1050 may allow a remote unprivileged user to cause a Denial of Service (DoS).
This issue can occur on the following platforms:
To determine the version of XCP firmware installed on a system, the following command can be used at the XSCF> prompt:
XSCF> version -c xcp XSCF#0 (Active ) XCP0 (Current): 1050 XCP1 (Reserve): 1050 XSCF>
If the value under "Current" is less than 1050, the system may be vulnerable to this issue.
If the described issue occurs, the eXtended System Control Facility (XSCF) response may degrade and the XSCF will reboot whenever an "Out of Memory" condition occurs. Issues connecting to the XSCF may also be experienced.
There is no workaround. Please see the Resolution section below.
This issue is addressed in the following releases:
XCP 1050 packages are available from the Sun Download Center at:
This solution has no attachment