Note: This is an archival copy of Security Sun Alert 249126 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019926.1. |
Category Security Category Availability Release Phase Resolved 6787023 Product Sun SPARC Enterprise M4000 Server Sun SPARC Enterprise M5000 Server Date of Resolved Release 12-Jan-2009 Incorrect software setting prior to shipping on certain Sun SPARC M4000/M5000 servers may allow unauthorized access 1. Impact Due to incorrect software settings prior to shipping on certain Sun SPARC 2. Contributing Factors This issue can occur on the following platforms:
XSCF> showhardconfSerial number breakdown to determine affected weeks: PPMYYWWSSSIn the example above, serial number BCF084604T indicates it is from week 46 of 2008. 3. Symptoms If the described issue occurs, the OBP Banner or Browser User Interface (BUI) may display a non-Sun brand. Another symptom can be seen when typing the keyboard sequence <tab><tab> at the XSCF prompt with the current user in "Normal" mode. This sequence will display a list of all available commands. If the command "enablecodboard" is present in the list, the described issue has been experienced. 4. Workaround There is no workaround for this issue. Please see the Resolution below. 5. Resolution If you believe you have an affected system, a Sun Service Request needs to be opened to correct the manufacturing settings. Typically this issue can be fixed using Shared Shell (see: http://www.sun.com/service/sharedshell/). For more information on Security Sun Alerts, see 1009886.1. This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Modification History 19-Jan-2009: Updated Impact section. http://panacea.central.sun.com/twiki/bin/view/Main/FJEnabledSystemsTrack Attachments This solution has no attachment |
|