|
Note: This is an archival copy of Security Sun Alert 201333 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001007.1. |
Category Security Release Phase Resolved Sun SPARC Enterprise M9000 Server Sun SPARC Enterprise M8000 Server Sun SPARC Enterprise M4000 Server Sun SPARC Enterprise M5000 Server Bug Id 6574635, 6546970, 6548161 Date of Resolved Release 04-DEC-2007 Impact Security vulnerabilities with telnet(1), Secure Shell (SSH), and httpd in the Sun SPARC Enterprise M4000/M5000/M8000/M9000 XSCF Control Package (XCP) firmware versions prior to 1050 may allow a remote unprivileged user to cause a Denial of Service (DoS). Contributing Factors This issue can occur on the following platforms:
To determine the version of XCP firmware installed on a system, the following command can be used at the XSCF> prompt: XSCF> version -c xcp XSCF#0 (Active ) XCP0 (Current): 1050 XCP1 (Reserve): 1050 XSCF> If the value under "Current" is less than 1050, the system may be vulnerable to this issue. Symptoms If the described issue occurs, the eXtended System Control Facility (XSCF) response may degrade and the XSCF will reboot whenever an "Out of Memory" condition occurs. Issues connecting to the XSCF may also be experienced. Workaround There is no workaround. Please see the Resolution section below. Resolution This issue is addressed in the following releases:
XCP 1050 packages are available from the Sun Download Center at: Attachments This solution has no attachment | |||||||||||||||
|
|