SecurityTracker.com

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Sun SPARC Enterprise Server
Vendors:   Oracle, Sun
Sun SPARC Server Bug in Integrated Lights Out Manager Lets Local Users Access Data
SecurityTracker Alert ID:  1027677
SecurityTracker URL:  http://securitytracker.com/id/1027677
CVE Reference:   CVE-2012-3155
Date:  Oct 17 2012
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Sun SPARC Server. A local user can access data on the target system.

The vulnerability resides in the Integrated Lights Out Manager command line interface.

The SPARC T3, Netra SPARC T3, SPARC T4, and Netra SPARC T4 systems are affected.

The following researchers reported these and other Oracle vulnerabilities:

Alexandr Polyakov of Digital Security; Andy Yang; Dana Lane Taylor of the University of Pennsylvania; Dominic Sim, Agus Komang; Esteban Martinez Fayo of Application Security, Inc.; Florian Lukavsky of SEC Consult Vulnerability Lab; Francis Provencher via Secunia SVCRP; John Zimmerman; Martin Carpenter of Citco; Martin Rakhmanov of Application Security, Inc.; Microsoft Vulnerability Research of Microsoft Corp; Paul Harrington of NGS Secure; Pavel Toporkov of Positive Technologies; Ronnie Sahlberg; Sam Thomas of Pentest Limited; Sjoerd Resink of Fox-IT; Thomas Biege of SUSE; Travis Emmert; and Travis Emmert of Veracode.

Impact:   A local user can access data on the target system.
Solution:   The vendor has issued a fix, described in their October 2012 Critical Patch Update advisory.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Cause:   Not specified

Message History:   None.





Copyright 2021, SecurityGlobal.net LLC