SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Sun Fire Server Software Vendors:   Sun
Sun Fire Server Embedded Lights Out Manager Software Lets Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1018869
SecurityTracker URL:  http://securitytracker.com/id/1018869
CVE Reference:   CVE-2007-5717   (Links to External Site)
Updated:  Feb 18 2008
Original Entry Date:  Oct 30 2007
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): X2100/X2200 M2 Servers
Description:   A vulnerability was reported in Sun Fire Server Software. A remote user can execute arbitrary commands with root privileges on the target system.

A remote user can exploit a flaw in the X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) software to execute arbitrary commands on the target embedded Service Processor. The code will run with root privileges.

Impact:   A remote user can execute arbitrary commands with root privileges on the target system.
Solution:   Sun has issued the following fixes.

* Sun Fire X2100 M2 Server with firmware version 2.70 from the 1.3 "Tools and Drivers" CD (or later) ISO image available at:

http://www.sun.com/servers/entry/x2100/downloads.jsp

* Sun Fire X2200 M2 Server with firmware version 2.70 from the 1.3 "Tools and Drivers" CD (or later) ISO image available at:

http://www.sun.com/servers/x64/x2200/downloads.jsp

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103127-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-26-103127-1 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC