----------------------------------------------------------------------

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/

----------------------------------------------------------------------

TITLE:
Sun SPARC System Firmware Unauthorised Data Access

SECUNIA ADVISORY ID:
SA32582

VERIFY ADVISORY:
http://secunia.com/advisories/32582/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
Local system

REVISION:
1.1 originally posted 2008-11-07

OPERATING SYSTEM:

http://secunia.com/advisories/product//

http://secunia.com/advisories/product//
Sun System Firmware 7.1.x
http://secunia.com/advisories/product/19455/
Sun System Firmware 6.6.x
http://secunia.com/advisories/product/11217/

DESCRIPTION:
A vulnerability has been reported in Sun System Firmware, which can
be exploited by malicious, local users to bypass certain security
restrictions.

The vulnerability is caused due to an unspecified error in the
firmware for certain Sun SPARC systems, which can be exploited by
privileged users to access memory in another logical domain.

The vulnerability affects systems using the Sun UltraSPARC T1,
UltraSPARC T2, and UltraSPARC T2+ processors.

The vulnerability is reported in the following products and firmware
versions:
* Sun SPARC Enterprise T5140/T5240 running Sun System Firmware
7.1.3.d or 7.1.3.e
* Sun Netra T5220 running Sun System Firmware 7.1.3
* Sun SPARC Enterprise T5120/T5220 running Sun System Firmware
7.1.3.d or 7.1.3.e
* Sun Blade T6320 running Sun System Firmware 7.1.3.d or 7.1.3.e
* Sun Fire / SPARC Enterprise T2000 running Sun System Firmware
6.6.3, 6.6.4 or 6.6.5
* Sun Fire / SPARC Enterprise T1000 running Sun System Firmware
6.6.3, 6.6.4 or 6.6.5
* Sun Netra T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
* Sun Netra CP3060 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5
* Sun Blade T6300 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5

SOLUTION:
Update to fixed versions.

* Sun SPARC Enterprise T5140/T5240 Sun System Firmware 7.1.6 (as
delivered in patch 136936-07 or later)
* Sun Netra T5220 Sun System Firmware 7.1.4.a (as delivered in patch
136934-03 or later)
* Sun SPARC Enterprise T5120/T5220 Sun System Firmware 7.1.6 (as
delivered in patch 136932-04 or later)
* Sun Blade T6320 Sun System Firmware 7.1.6  (as delivered in patch
136933-06 or later)
* Sun Fire / SPARC Enterprise T2000 Sun System Firmware 6.6.7 (as
delivered in patch 136927-05 or later)
* Sun Fire / SPARC Enterprise T1000 Sun System Firmware 6.6.7 (as
delivered in patch 136928-05 or later)
* Sun Netra T2000 Sun System Firmware 6.6.7 (as delivered in patch
136929-05 or later)
* Sun Netra CP3060 Sun System Firmware 6.6.7 (as delivered in patch
136930-05 or later)
* Sun Blade T6300 Sun System Firmware 6.6.7 (as delivered in patch
136931-05 or later)

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

CHANGELOG:
2008-11-11: Added CVE reference.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244826-1

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------