SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Sun Fire Server Software Vendors:   Sun
Sun Fire Embedded Lights Out Manager Lets Remote Users Gain Access
SecurityTracker Alert ID:  1021646
SecurityTracker URL:  http://securitytracker.com/id/1021646
CVE Reference:   CVE-2009-0344, CVE-2009-0345   (Links to External Site)
Updated:  Feb 11 2009
Original Entry Date:  Jan 29 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): X2100 M2 and X2200 M2
Description:   A vulnerability was reported in Embedded Lights Out Manager on Sun Fire. A remote user can execute arbitrary code on or gain access to the target system.

A remote user can login with the privileges of the Embedded Lights Out Manager (ELOM).

A remote user can execute arbitrary commands on the Service Processor.

Tomas Kopal reported one of the vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system or gain access to the target system.
Solution:   The vendor has issued a fix.

x86 Platform

* Sun Fire X2100 M2 Server with firmware version 3.20 from the 1.7 "Tools and Drivers" CD (or later) ISO

The ISO image is available at:

http://www.sun.com/servers/entry/x2100/downloads.jsp

* Sun Fire X2200 M2 Server with firmware version 3.20 from the 2.1 "Tools and Drivers" CD (or later)

The ISO image is available at:

http://www.sun.com/servers/x64/x2200/downloads.jsp

The vendor's advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1 (Links to External Site)
Cause:   Not specified
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 28 Jan 2009 23:47:17 -0500
Subject:  http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1


Security Vulnerabilities in the Embedded Lights Out Manager (ELOM) on Sun Fire X2100 M2 and X2200 M2 May Allow Unauthorized Logins  
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC