Note: This is an archival copy of Security Sun Alert 239930 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019470.1.
Article ID : 1019470.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2008-08-27
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Firmware for T5220, T5140 and T5240 Systems May Allow a Denial of Service (DoS)



Category
Security

Release Phase
Resolved

Bug Id
6710098

Product
Sun Netra T5220 Server
Sun SPARC Enterprise T5140 Server
Sun SPARC Enterprise T5240 Server

Date of Resolved Release
05-Aug-2008


1. Impact

A security vulnerability in the firmware for Sun Netra T5220 systems and SPARC Enterprise T5140 and T5240 systems may allow a local unprivileged user to panic the system, which is a type of Denial of Service (DoS).

2. Contributing Factors

This issue can occur on the following platforms:

SPARC Platform
  • Sun Netra T5220 Server with firmware version 7.1.3 and without patch 136934-03
  • SPARC Enterprise T5140 and T5240 Servers with firmware version 7.1.3.c and without patch 136936-06
Note: No other Sun systems are affected by this issue.

To determine the firmware version on the system, log in to the service processor and run the 'showhost' command as in the following example (from the T5220):

sc> showhost
Sun System Firmware 7.1.3 2008/05/27 09:53
Host flash versions:
Hypervisor 1.6.4 2008/05/27 08:45
OBP 4.28.6 2008/05/23 12:07
POST 4.28.6 2008/05/23 12:32

3. Symptoms

The system will panic or produce unpredictable results. The panic string will include "BAD TRAP type=33" or "BAD TRAP type=34". User applications may fail with a segmentation fault (SIGSEGV) and may also write a core file, depending on the user's privileges and the system-wide coreadm(1M) settings.

4. Workaround

There is no workaround for this issue. Please see the Resolution section below.

5. Resolution

This issue is addressed on the following platforms:

SPARC Platform
  • Sun Netra T5220 Server with firmware version 7.1.4.a (as delivered in patch 136934-03 or later)
  • SPARC Enterprise T5140 and T5240 Servers with firmware version 7.1.3.d (as delivered in patch 136936-06 or later)
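
The version check described in sections 2 and 5 can be scripted over captured 'showhost' output when auditing several service processors. The following is an added example, not code from Sun or from the original alert; the function names, the requirement that the operator supply the platform name, and the ordering rule for letter suffixes are assumptions.

```python
import re

# Affected and fixed firmware versions per platform, taken from the advisory text.
ADVISORY = {
    "T5220": {"affected": "7.1.3", "fixed": "7.1.4.a", "patch": "136934-03"},
    "T5140": {"affected": "7.1.3.c", "fixed": "7.1.3.d", "patch": "136936-06"},
    "T5240": {"affected": "7.1.3.c", "fixed": "7.1.3.d", "patch": "136936-06"},
}
# 'showhost' capture as printed in the advisory (T5220), shortened to three lines.
SAMPLE_T5220 = """sc> showhost
Sun System Firmware 7.1.3 2008/05/27 09:53
Host flash versions:
"""
# Constructed sample: the version comes from section 5, the timestamp is made up.
SAMPLE_T5240_FIXED = "Sun System Firmware 7.1.3.d 2008/01/01 00:00\n"

FIRMWARE_RE = re.compile(r"^Sun System Firmware\s+(\d+(?:\.\d+)*(?:\.[a-z])?)\s", re.M)


def parse_firmware(showhost_output):
    """Return the System Firmware version from 'showhost' output, or None."""
    m = FIRMWARE_RE.search(showhost_output)
    return m.group(1) if m else None


def version_key(version):
    """Sort key: numeric parts compare as integers, a trailing letter as a suffix.
    Assumed ordering: 7.1.3 < 7.1.3.c < 7.1.3.d < 7.1.4.a."""
    parts = version.split(".")
    suffix = parts.pop() if parts[-1].isalpha() else ""
    return (tuple(int(p) for p in parts), suffix)


def classify(platform, showhost_output):
    """Return 'affected', 'resolved' or 'not-listed' for one captured output."""
    entry = ADVISORY.get(platform)
    version = parse_firmware(showhost_output)
    if entry is None or version is None:
        return "not-listed"
    if version == entry["affected"]:
        return "affected"
    if version_key(version) >= version_key(entry["fixed"]):
        return "resolved"
    return "not-listed"  # the advisory makes no statement about other versions


if __name__ == "__main__":
    print("T5220:", classify("T5220", SAMPLE_T5220))
    print("T5240:", classify("T5240", SAMPLE_T5240_FIXED))
```

A result of 'not-listed' means only that the alert does not name that platform and version combination; it is not a statement that the system is unaffected.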


For more information on Security Sun Alerts, see 1009886.1.


This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.


Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


Modification History
28-Aug-2008: Updated Products, Impact, Contributing Factors and Resolution sections


References

136934-03
136936-06




