SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Embedded Server/Appliance)  >  Sun SPARC Enterprise Server Vendors:  Sun
Sun System Firmware Bug Lets Local Users Access Data From Other Logical Domains
SecurityTracker Alert ID:  1021153
SecurityTracker URL:  http://securitytracker.com/id?1021153
CVE Reference:  CVE-2008-4992   (Links to External Site)
Updated:  Jan 3 2009
Original Entry Date:  Nov 6 2008
Impact:  Disclosure of system information, Disclosure of user information
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  Sun Alert
Version(s): Sun System Firmware 6.6.x, 7.1.x
Description:  A vulnerability was reported in Sun System Firmware on certain Sun SPARC Enterprise, Sun Netra, Sun Blade, and Sun Fire systems. A local user can obtain data from other logical domains on the target system.

A local privileged user in one logical domain (ldm(1M)) may be able to gain access to memory in another logical domain.

Certain systems using the Sun UltraSPARC T1, UltraSPARC T2, and UltraSPARC T2+ processors are affected when running multiple domains.

The following systems are affected when running multiple domains:

* Sun SPARC Enterprise T5140/T5240 running Sun System Firmware 7.1.3.d or 7.1.3.e
* Sun Netra T5220 running Sun System Firmware 7.1.3
* Sun SPARC Enterprise T5120/T5220 running Sun System Firmware 7.1.3.d or 7.1.3.e
* Sun Blade T6320 running Sun System Firmware 7.1.3.d or 7.1.3.e
* Sun Fire / SPARC Enterprise T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
* Sun Fire / SPARC Enterprise T1000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
* Sun Netra T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
* Sun Netra CP3060 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
* Sun Blade T6300 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
Impact:  A local privileged user in one logical domain can obtain data from other logical domains on the target system.
Solution:  The vendor has issued the following fixes:

* Sun SPARC Enterprise T5140/T5240 Sun System Firmware 7.1.6 (as delivered in patch 136936-07 or later)
* Sun Netra T5220 Sun System Firmware 7.1.4.a (as delivered in patch 136934-03 or later)
* Sun SPARC Enterprise T5120/T5220 Sun System Firmware 7.1.6 (as delivered in patch 136932-04 or later)
* Sun Blade T6320 Sun System Firmware 7.1.6 (as delivered in patch 136933-06 or later)
* Sun Fire / SPARC Enterprise T2000 Sun System Firmware 6.6.7 (as delivered in patch 136927-05 or later)
* Sun Fire / SPARC Enterprise T1000 Sun System Firmware 6.6.7 (as delivered in patch 136928-05 or later)
* Sun Netra T2000 Sun System Firmware 6.6.7 (as delivered in patch 136929-05 or later)
* Sun Netra CP3060 Sun System Firmware 6.6.7 (as delivered in patch 136930-05 or later)
* Sun Blade T6300 Sun System Firmware 6.6.7 (as delivered in patch 136931-05 or later)

The vendor's advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-244826-1
Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-244826-1 (Links to External Site)
Cause:  Access control error

Message History:   None.

 Source Message Contents
Date:  Thu, 6 Nov 2008 15:25:33 -0500
Subject:  http://sunsolve.sun.com/search/document.do?assetkey=1-66-244826-1


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC