Note: This is an archival copy of Security Sun Alert 200620 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000482.1.
Article ID : 1000482.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-04-25
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Sun Fire X2100M2 and X2200M2 Implementation of IPMI


Release Phase

Sun Fire X2100 M2 Server
Sun Fire X2200 M2 Server

Bug Id

Date of Resolved Release


A security vulnerability in the Sun Fire X2100M2 and Sun Fire X2200M2 implementation of IPMI may allow an unprivileged ipmitool(1m) user to gain unauthorized administrative privileges and then reset or power off a local or remote Sun Fire X2100M2 or Sun Fire X2200M2 server.

Contributing Factors

This issue can occur on the following platforms:

x86 Platform

  • Sun Fire X2100M2 without BMC/SP Firmware 2.91
  • Sun Fire X2200M2 without BMC/SP Firmware 2.91


  1. ipmitool(1m) is used for remote monitoring of Sun x64 systems; this issue therefore does not affect the SPARC platform.
  2. This issue does not affect any other x64 systems apart from the Sun Fire X2100M2 and Sun Fire X2200M2.

To determine the current firmware revision on the system, the following command can be run:

    # ipmitool -H <ipaddress> -U <username> -P <password> mc info
    Device ID                 : 5
    Device Revision           : 0
    Firmware Revision         : 2.91
    IPMI Version              : 2.0
    Manufacturer ID           : 7244
    Manufacturer Name         : Unknown (0x1c4c)
    Product ID                : 21305 (0x5339)
    Device Available          : yes
    Provides Device SDRs      : yes
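
To check the revision across several service processors, the output above can be parsed in a script. The following is an added example, not part of the original Sun Alert: the function names and the sample revision 2.70 are constructed, and it assumes revisions have the form major.minor and that any revision at or above 2.91 carries the fix (the advisory itself names only 2.91).

```shell
#!/bin/sh
# Added example (not from the advisory): classify `ipmitool mc info` output
# against the fixed BMC/SP firmware revision the advisory names, 2.91.
FIXED_MAJOR=2
FIXED_MINOR=91

# Constructed sample output for a system still on older firmware.
SAMPLE_OLD='Device ID                 : 5
Firmware Revision         : 2.70
IPMI Version              : 2.0'

# Print the "Firmware Revision" value from mc info text on stdin.
fw_revision() {
    awk -F: '/^[ \t]*Firmware Revision[ \t]*:/ {
        gsub(/[ \t\r]/, "", $2); print $2; exit }'
}

# Return 0 if revision $1 is 2.91 or later, 1 if earlier, 2 if unparseable.
# Assumption: revisions are "major.minor" and later revisions keep the fix.
fw_is_fixed() {
    case "$1" in
        ""|*[!0-9.]*|*.*.*|.*|*.) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -gt "$FIXED_MAJOR" ] && return 0
    [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ] && return 0
    return 1
}

# Read mc info text on stdin and print a one-line verdict.
check_mc_info() {
    rev=$(fw_revision)
    rc=0
    fw_is_fixed "$rev" || rc=$?
    case $rc in
        0) echo "FIXED $rev" ;;
        1) echo "AFFECTED $rev" ;;
        *) echo "UNKNOWN" ;;
    esac
}

printf '%s\n' "$SAMPLE_OLD" | check_mc_info
```

For a live check, pipe the command shown above into the function: `ipmitool -H <ipaddress> -U <username> -P <password> mc info | check_mc_info`. The verdict only applies to the Sun Fire X2100M2 and X2200M2, since the script does not identify the server model.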


There are no predictable symptoms that would indicate the described vulnerability has been exploited.


There is no workaround for this issue. Please see the Resolution section below.


This issue is addressed on the following platforms:

x86 Platform

Modification History
Date: 26-APR-2007
  • Revised Synopsis and Impact section
