Product
Sun Fire X2100 M2 Server
Sun Fire X2200 M2 Server

Bug Id
6514224

Date of Resolved Release
07-MAR-2007

Impact

A security vulnerability in the Sun Fire X2100M2 and Sun Fire X2200M2 implementation of IPMI may allow an unprivileged ipmitool(1m) user to gain unauthorized administrative privileges and then be able to reset or power off a local or remote Sun Fire X2100M2 or Sun Fire X2200M2 server.

Contributing Factors

This issue can occur on the following platforms:

x86 Platform

• Sun Fire X2100M2 without BMC/SP Firmware 2.91
• Sun Fire X2200M2 without BMC/SP Firmware 2.91

Notes:

1. The ipmitool(1m) is used for remote monitoring of Sun x64 systems and therefore does not affect the SPARC platform.
2. This issue does not affect any other x64 systems apart from the Sun Fire X2100M2 and Sun Fire X2200M2.

To determine the current firmware revision on the system, the following command can be run:

    # ipmitool -H <ipaddress> -U <username> -P <password> mc info
    Device ID                 : 5
    Device Revision           : 0
    Firmware Revision         : 2.91
    IPMI Version              : 2.0
    Manufacturer ID           : 7244
    Manufacturer Name         : Unknown (0x1c4c)
    Product ID                : 21305 (0x5339)
    Device Available          : yes
    Provides Device SDRs      : yes

Symptoms

There are no predictable symptoms that would indicate the described vulnerability has been exploited.

Workaround

There is no workaround for this issue. Please see the Resolution section below.

Resolution

This issue is addressed on the following platforms:

x86 Platform

• Sun Fire X2100M2 with BMC/SP Firmware 2.91 (included with M2 Server 1.4 CD ISO release) at http://www.sun.com/servers/entry/x2100/downloads.jsp
• Sun Fire X2200M2 with BMC/SP Firmware 2.91 (included with M2 Server 1.4 CD ISO release) at http://www.sun.com/servers/x64/x2200/downloads.jsp

Modification History
Date: 26-APR-2007

• Revised Synopsis and Impact section

Attachments

This solution has no attachment