Sun Fire Server 'ipmitool' Lets Authenticated Users Gain Administrative Privileges
|
|
SecurityTracker Alert ID: 1017738
|
|
SecurityTracker URL: http://securitytracker.com/id?1017738
|
|
CVE Reference: CVE-2007-1346
(Links to External Site)
|
Updated: May 18 2008
|
Original Entry Date: Mar 8 2007
|
Impact: User access via local system, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): Sun Fire X2100M2 and X2200M2 Servers; prior to firmware 2.91
|
Description: A vulnerability was reported in Sun Fire Server Software. A local user or remote authenticated user can obtain elevated privileges on the target system.
A local user or remote authenticated user can exploit an unspecified flaw in the ipmitool(1m) utility to obtain administrative privileges. The user can then reset or power off the SunFire X2100M2 or SunFire X2200M2 server.
|
Impact: A local user or remote authenticated user can obtain administrative privileges on the target system.
|
Solution: The vendor has issued a fix (firmware version 2.91).
x86 Platform
* Sun Fire X2100M2 with BMC/SP Firmware 2.91 (included
with M2 Server 1.4 CD ISO release) at http://www.sun.com/servers/entry/x2100/downloads.jsp
* Sun Fire X2200M2 with BMC/SP
Firmware 2.91 (included with M2 Server 1.4 CD ISO release) at http://www.sun.com/servers/x64/x2200/downloads.jsp
The Sun advisory
is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102828-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102828-1 (Links to External Site)
|
Cause: Not specified
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 8 Mar 2007 00:29:09 -0500
Subject: Security Vulnerability in the ipmitool(1m) Interface to the Sun Fire X2100M2 and X2200M2 Servers
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102828-1
|
|
