SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Sun Fire Server Software Vendors:   Sun
Sun Fire Embedded Lights Out Manager Lets Remote Users Gain Access
SecurityTracker Alert ID:  1021646
SecurityTracker URL:  http://securitytracker.com/id/1021646
CVE Reference:   CVE-2009-0344, CVE-2009-0345   (Links to External Site)
Updated:  Feb 11 2009
Original Entry Date:  Jan 29 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): X2100 M2 and X2200 M2
Description:   A vulnerability was reported in Embedded Lights Out Manager on Sun Fire. A remote user can execute arbitrary code on or gain access to the target system.

A remote user can login with the privileges of the Embedded Lights Out Manager (ELOM).

A remote user can execute arbitrary commands on the Service Processor.

Tomas Kopal reported one of the vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system or gain access to the target system.
Solution:   The vendor has issued a fix.

x86 Platform

* Sun Fire X2100 M2 Server with firmware version 3.20 from the 1.7 "Tools and Drivers" CD (or later) ISO

The ISO image is available at:

http://www.sun.com/servers/entry/x2100/downloads.jsp

* Sun Fire X2200 M2 Server with firmware version 3.20 from the 2.1 "Tools and Drivers" CD (or later)

The ISO image is available at:

http://www.sun.com/servers/x64/x2200/downloads.jsp

The vendor's advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2016, SecurityGlobal.net LLC