Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-77-1019470.1
Update Date:2011-02-25
Keywords:
Solution Type  Sun Alert Sure

Solution  1019470.1 :   Security Vulnerability in Firmware for T5220, T5140 and T5240 Systems May Allow a Denial of Service (DoS)  

Related Items 
    

  • Sun Netra T5220 Server
    •  
  • Sun SPARC Enterprise T5240 Server
    •  
  • Sun SPARC Enterprise T5140 Server
    •  
Related Categories 
    

  • GCS>Sun Microsystems>Sun Alert>Criteria Category>Security
    •  
  • GCS>Sun Microsystems>Sun Alert>Release Phase>Resolved
    •  

PreviouslyPublishedAs
239930 


Bug Id

<SUNBUG: 6710098>


Product
Sun Netra T5220 Server

Sun SPARC Enterprise T5140 Server

Sun SPARC Enterprise T5240 Server

Date of Resolved Release
05-Aug-2008


Security Vulnerability in Firmware for T5220, T5140 and T5240 Systems May Allow a Denial of Service (DoS)


1. Impact


A security vulnerability in the firmware for Sun Netra T5220 systems
and SPARC Enterprise T5140 and T5240 systems may allow a local unprivileged
user to panic the system, which is a type of Denial of Service (DoS).



2. Contributing Factors



This issue can occur on the following platforms:

 SPARC Platform



  • Sun Netra T5220 Server with firmware version 7.1.3 and without patch 136934-03

  • SPARC Enterprise T5140 and T5240 Servers with firmware version 7.1.3.c and without patch 136936-06



    


Note: No other Sun systems are affected by this issue.



To determine the firmware version on the system, log in to the
service processor and run the 'showhost' command as in the
following example (from the T5220):




sc> showhost
Sun System Firmware 7.1.3 2008/05/27 09:53
Host flash versions:
Hypervisor 1.6.4 2008/05/27 08:45
OBP 4.28.6 2008/05/23 12:07
POST 4.28.6 2008/05/23 12:32



3. Symptoms



The system will panic or produce unpredictable results. The panic
string will include "BAD TRAP type=33" or  "BAD TRAP type=34". User applications may fail with a segmentation fault (SIGSEGV) and may also write a core file, depending on the user's privileges and the system-wide coreadm(1M) settings.



4. Workaround



There is no workaround for this issue. Please see the Resolution
section below.



5. Resolution



This issue is addressed on the following platforms:



SPARC Platform



  • Sun Netra T5220 Server with firmware version 7.1.4.a (as delivered in patch 136934-03 or later)

  • SPARC Enterprise T5140 and T5240 Servers with firmware version 7.1.3.d (as delivered in patch 136936-06 or later)



    





For more information
on Security Sun Alerts, see <Document: 1009886.1>.






This Sun Alert
notification is being provided to you on
an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.




Copyright 2000-2008 Sun Microsystems,
Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.

Modification History

28-Aug-2008: Updated Products, Impact, Contributing Factors and Resoluton sections




References
<SUNPATCH: 136934-03>

<SUNPATCH: 136936-06>



 Internal Comments

 Please send technical questions to the following email:

   [email protected]

 and CC the following persons:

   Internal Contributor/Submitter

   Internal Eng Responsible Engineer

   Internal Services Knowledge Engineer



 NOTE CP3260 is not affected by this issue even though there is a patch for  CP3260

 which lists this bug.

 Internal Contributor/submitter

 [email protected]



 Internal Eng Responsible Engineer

 [email protected]



 Internal Services Knowledge Engineer

 [email protected]



 Internal Eng Business Unit Group

 SSG NSN (Netra Systems and Networking)



 Internal Resolution Patches

 136934-03, 136936-06



 Internal Sun Alert & FAB Admin Info

 24-Jul-2008, david m: draft created, send for 24hr Security review, hold for patch release

 05-Aug-2008, david m: patch released, signoff OK, send to publish




References

SUNPATCH:136934-03

SUNPATCH:136936-06



Attachments

This solution has no attachment


















       

Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.

 Feedback