=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN492
_____________________________________________________________________

DATE                      : 07/11/2008

HARDWARE PLATFORM(S)      : Sun SPARC.

OPERATING SYSTEM(S)       : Sun System Firmware.

======================================================================
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-244826-1
______________________________________________________________________

   Solution Type: Sun Alert
   Solution  244826 :   A Security Vulnerability in the Sun System
   Firmware on Certain SPARC Systems May Allow Unauthorized Data Access
   Bug ID: 6721010

   Product
   Sun System Firmware 6.6.x
   Sun System Firmware 7.1.x

   Date of Resolved Release: 05-Nov-2008

   SA Document Body
   A Security Vulnerability in the Sun System Firmware on Certain SPARC Systems
   May Allow Unauthorized Data Access

   1. Impact
   A security vulnerability in the firmware for certain Sun SPARC Systems
   using the Sun UltraSPARC T1, UltraSPARC T2, and UltraSPARC T2+
   processors may allow unauthorized data access, where local privileged
   users in one Logical Domain (ldm(1M)) may be able to gain access to
   memory in another logical domain.

   2. Contributing Factors
   This issue can occur on the following platforms (when running multiple
   domains):
     * Sun SPARC Enterprise T5140/T5240 running Sun System Firmware
       7.1.3.d or 7.1.3.e
     * Sun Netra T5220 running Sun System Firmware 7.1.3
     * Sun SPARC Enterprise T5120/T5220 running Sun System Firmware
       7.1.3.d or 7.1.3.e
     * Sun Blade T6320 running Sun System Firmware 7.1.3.d or 7.1.3.e
     * Sun Fire / SPARC Enterprise T2000 running Sun System Firmware
       6.6.3, 6.6.4 or 6.6.5
     * Sun Fire / SPARC Enterprise T1000 running Sun System Firmware
       6.6.3, 6.6.4 or 6.6.5
     * Sun Netra T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
     * Sun Netra CP3060 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
     * Sun Blade T6300 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5

   Note 1:  No other Sun systems are affected by this issue.
   Note 2: This issue can only occur on systems (listed above) running
   multiple domains.
   Note 3:  To determine the Sun System Firmware version installed on a
   system, you can query from the Service Processor command line
   interface with the following commands:

   ILOM CLI:  "show /HOST"  (SysFW 7.x only)
   ALOM CLI:  "showhost"      (SysFW 7.x and 6.x)

   Example 1:  (look for "Sun System Firmware" version information
   underneath the "Properties" section)

   -> show /HOST
   /HOST
   Targets:
   .
   .
   Properties:
   .
   .
   sysfw_version =  Sun System Firmware 7.1.6.d 2008/09/15 17:11

   Example 2:
   sc> showhost
   Sun System Firmware 7.1.6.d 2008/09/15 17:11
   Host flash versions:
   Hypervisor 1.6.7.a 2008/08/30 05:18
   OBP 4.29.0.a 2008/09/15 12:01
   POST 4.29.0.a 2008/09/15 12:27
   sc>

   Note 4: To determine if the system is running multiple domains, and is
   therefore potentially vulnerable, the LDoms Manager package
   (SUNWldm(1M)) includes a command to list the domains:
   Example 1:  This is a single-domained system:
   # /opt/SUNWldm/bin/ldm list
   NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
   primary          active     -n-c--  SP      64    65408M    11%  57m

   Example 2:  This is a multi-domained system with the 2nd domain
   active.
   # /opt/SUNWldm/bin/ldm list
   NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
   primary          active     -n-cv-  SP      32    2G       1.0%  8m
   foo              active     -t----  5000    16    2G       6.2%  0s

   Example 3:  This is a multi-domained system with the 2nd domain
   quiesced:
   # /opt/SUNWldm/bin/ldm list
   NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
   primary          active     -n-cv-  SP      32    2G        57%  11m
   foo              inactive   ------          16    2G

   3. Symptoms
   There are no predictable symptoms to indicate this issue has been
   exploited to gain unauthorized data access to the system.

   4. Workaround
   To work around the described issue until the resolution patches can be
   applied, restrict privileged access only to trusted users.

   5. Resolution

   This issue is addressed for these platforms in the following releases:
     * Sun SPARC Enterprise T5140/T5240 Sun System Firmware 7.1.6 (as
       delivered in patch 136936-07 or later)
     * Sun Netra T5220 Sun System Firmware 7.1.4.a (as delivered in patch
       136934-03 or later)
     * Sun SPARC Enterprise T5120/T5220 Sun System Firmware 7.1.6 (as
       delivered in patch 136932-04 or later)
     * Sun Blade T6320 Sun System Firmware 7.1.6  (as delivered in patch
       136933-06 or later)
     * Sun Fire / SPARC Enterprise T2000 Sun System Firmware 6.6.7 (as
       delivered in patch 136927-05 or later)
     * Sun Fire / SPARC Enterprise T1000 Sun System Firmware 6.6.7 (as
       delivered in patch 136928-05 or later)
     * Sun Netra T2000 Sun System Firmware 6.6.7 (as delivered in patch
       136929-05 or later)
     * Sun Netra CP3060 Sun System Firmware 6.6.7 (as delivered in patch
       136930-05 or later)
     * Sun Blade T6300 Sun System Firmware 6.6.7 (as delivered in patch
       136931-05 or later)

   For more information on Security Sun Alerts, see Technical
   Instruction ID 213557.
   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.

   Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================