Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition

Asset ID: 1-77-1000732.1
Update Date: 2011-02-24
Keywords:

Solution Type  Sun Alert Sure

Solution  1000732.1 :   A Limited Number of Sun StorEdge 6130 Arrays May be Vulnerable to Unauthorized Access  


Related Items
  • Sun Storage 6130 Array

Related Categories
  • GCS>Sun Microsystems>Sun Alert>Criteria Category>Security
  • GCS>Sun Microsystems>Sun Alert>Release Phase>Resolved

PreviouslyPublishedAs
200971


Bug Id
<SUNBUG: 6244556>

Date of Resolved Release
05-MAY-2005

Impact

A local or remote unprivileged user may be able to gain unauthorized access to a limited number of Sun StorEdge 6130 arrays (SE6130). With this access, the user could delete data on the array.


Contributing Factors

This issue can occur on the following platform:

  • Sun StorEdge 6130 arrays with a serial number in the range of 0451AWF00G - 0513AWF00J

Notes:

  1. The described issue only affects Controller Arrays. Expansion trays are not affected.
  2. SE6130 Controller Arrays with serial numbers outside the range above are not impacted by this issue.

The Sun StorEdge Configuration Service (SSCS) commands can be used to determine the serial number of a Sun StorEdge 6130 array as shown in the example below:

1. Log in to SSCS using the sscs(1M) command line utility:

    % /opt/se6x20/cli/bin/sscs login -h <management_host_name> -u <user>

2. To list the array(s) managed by this management host:

    % /opt/se6x20/cli/bin/sscs list array
    Array: SE6130-1
    Array: SE6130-2
    Array: SE6130-3

3. To list the details (including the serial number) of each array:

    % /opt/se6x20/cli/bin/sscs list array <array_name>
    Array:
    Serial Number:             SUN.54062390100.0428AWF006
    Firmware Version:          06.12.03.10
    Array WWN:                 60:0A:0B:80:00:16:AB:12:00:00:00:00:41:23:4B:E2
    Node WWN:                  20:04:00:A0:B8:16:AB:12
    Default Host Type:         Solaris (with Traffic Manager)
    Default Cache Block Size:  16384
    Default Cache Start %:     80
    Default Cache Stop %:      80
    Disk Scrubbing:            30 days
    Failover Alert Delay:      5 minutes
    Hot Spare Pool Disks:      1
    Health                     OK
    Tray ID:                   1
    Host:                      host 1
    Pool:                      Pool 1-1
    Pool:                      Pool 2
    Pool:                      Pool 3
    Pool:                      Pool 1
    Pool:                      Default
    %

4. Log out of SSCS:

    % /opt/se6x20/cli/bin/sscs logout
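
The serial-number check described above can be scripted when a management host has several arrays. The following is an added example, not part of the original Sun Alert: it extracts the serial number from `sscs list array <array_name>` output and tests it against the affected range. It assumes the range is compared as byte-ordered strings on the last dot-separated field and that affected serials share the NNNNAWFxxx shape of the two endpoints; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage SE6130 serial numbers against the Sun Alert range.
# ASSUMPTION: the alert does not define how the range is ordered; this compares
# the last dot-separated field of "Serial Number:" as a byte-ordered string.
LC_ALL=C; export LC_ALL

RANGE_LO=0451AWF00G   # lower bound quoted in the alert
RANGE_HI=0513AWF00J   # upper bound quoted in the alert

# Read `sscs list array <array_name>` output on stdin and print the last
# dot-separated field of the Serial Number line (prints nothing if absent).
serial_from_listing() {
    awk -F': *' '/^[ \t]*Serial Number:/ {
        n = split($2, p, /[.]/)
        sub(/[ \t\r]+$/, "", p[n])
        print p[n]
        exit
    }'
}

# Print AFFECTED, not-affected or unknown for one serial-number field.
# Anything that does not share the endpoints' NNNNAWFxxx shape is reported as
# unknown so it gets a manual check instead of a silent pass.
classify_serial() {
    case "$1" in
        [0-9][0-9][0-9][0-9]AWF[0-9A-Z][0-9A-Z][0-9A-Z]) ;;
        *) echo unknown; return 0 ;;
    esac
    awk -v s="$1" -v lo="$RANGE_LO" -v hi="$RANGE_HI" 'BEGIN {
        # Appending "" forces string (not numeric) comparison.
        if ((s "") >= (lo "") && (s "") <= (hi "")) print "AFFECTED"
        else print "not-affected"
    }'
}

# Demo on the Serial Number line from the alert's own sample output.
sample='Serial Number:             SUN.54062390100.0428AWF006'
sn=$(printf '%s\n' "$sample" | serial_from_listing)
echo "$sn: $(classify_serial "$sn")"
```

On a management host, pipe each array's listing into `serial_from_listing` after logging in with `sscs login`. Treat any AFFECTED or unknown result as a reason to contact the service provider named in the Resolution section.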

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

Customers with an array that falls within the serial number range defined above should contact their Sun authorized service provider and reference this Sun Alert to obtain a utility which will resolve this issue.



Modification History

Product
Sun StorageTek 6130 Array

Previously Published As
101679

Internal Comments



The following recommendation is provided as a guideline for authorized Sun Services Field Representatives who may encounter the above-mentioned issue. This issue can be resolved by downloading and running the utility described below on each affected array.



Note: This utility may be provided to customers so that they can resolve the issue themselves.



1. Download the "SE6130_6244556" utility from:




2. Copy "6244556_fix.tar.Z" into "/var/tmp" on the StorEdge 6130 Management Host:


    # cp 6244556_fix.tar.Z /var/tmp


3. Extract the contents of "6244556_fix.tar.Z":


    # zcat 6244556_fix.tar.Z | tar xvf -


4. Make the utility executable:


    # chmod 755 SE6130_6244556


Complete instructions for running the utility are included in the README file.



Note: Successful implementation for every fixed array should be communicated back to the product team by sending an email to [email protected].



See details in the README.





Internal Contributor/submitter
[email protected]

Internal Eng Business Unit Group
NWS (Network Storage)

Internal Eng Responsible Engineer
[email protected]

Internal Services Knowledge Engineer
[email protected]

Internal Sun Alert Kasp Legacy ID
101679, 57771 (Sun Alert)

Internal Sun Alert & FAB Admin Info
Critical Category: Security ==> Vulnerability
Significant Change Date: 2005-05-05
Avoidance: Workaround
Responsible Manager: [email protected]
Original Admin Info: This document has been imported from KMS Creator and may need adjustment before re-publishing.

This imported document has been reviewed/adjusted by:
Review Name:
Review Date:

The following field(s) have been migrated with dummy values and need adjustment:
Original Product: Sun StorEdge 6130 Array (SE6130)
Migrated Product: SunTea v3.55 (Dummy)

Original KMS Creator attributes below:

--- PLEASE DO NOT MAKE ANY CHANGES BELOW THIS LINE! ---

Sun Alert ID: 57771
Synopsis: A Limited Number of Sun StorEdge 6130 Arrays May be Vulnerable to Unauthorized Access
Category: Security
Product: Sun StorEdge 6130 Array (SE6130)
BugIDs: 6244556
Avoidance: Workaround
State: Resolved
Date Released: 05-May-2005
Date Closed: 05-May-2005
Date Modified:
Escalation IDs:
Pending Patches:
Resolution Patches: See, above
FIN: I1190-1
FCO:
Date Submitted: 15-Apr-2005
Submitter: [email protected]
Responsible Engineer: [email protected]
Responsible Manager: [email protected]
CTE group: NWS
Responsible Writer: [email protected]
Distribution: Public SunSolve

Workflow History:

WF State: Issued, 06-May-2005, Jeff Folla
WF Note: This sun alert is not showing on sunsolve. Called Jeff B. to look into this.


WF State: Issued, 05-May-2005, Jeff Folla
WF Note: Customer letter was approved. Sending for release.

WF State: Draft, 03-May-2005, Jeff Folla
WF Note: Awaiting approval of customer letter before release.

WF State: Draft, 22-Apr-2005, Jeff Folla
WF Note: Sent for security review.

WF State: Draft, 18-Apr-2005, Jeff Folla
WF Note: Sent to group for approval before sending for security review.

WF State: Draft, 18-Apr-2005, Jeff Folla
WF Note: Article created.

Exported from KMS Creator Sat May 21 09:49:08 2005 GMT, [email protected]
Internal SA-FAB Eng Submission
A Limited Number of Sun StorEdge 6130 Arrays May be Vulnerable to Unauthorized Access


Attachments
This solution has no attachment