---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Sun SPARC System Firmware Unauthorised Data Access SECUNIA ADVISORY ID: SA32582 VERIFY ADVISORY: http://secunia.com/advisories/32582/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: Local system REVISION: 1.1 originally posted 2008-11-07 OPERATING SYSTEM: http://secunia.com/advisories/product// http://secunia.com/advisories/product// Sun System Firmware 7.1.x http://secunia.com/advisories/product/19455/ Sun System Firmware 6.6.x http://secunia.com/advisories/product/11217/ DESCRIPTION: A vulnerability has been reported in Sun System Firmware, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an unspecified error in the firmware for certain Sun SPARC systems, which can be exploited by privileged users to access memory in another logical domain. The vulnerability affects systems using the Sun UltraSPARC T1, UltraSPARC T2, and UltraSPARC T2+ processors. The vulnerability is reported in the following products and firmware versions: * Sun SPARC Enterprise T5140/T5240 running Sun System Firmware 7.1.3.d or 7.1.3.e * Sun Netra T5220 running Sun System Firmware 7.1.3 * Sun SPARC Enterprise T5120/T5220 running Sun System Firmware 7.1.3.d or 7.1.3.e * Sun Blade T6320 running Sun System Firmware 7.1.3.d or 7.1.3.e * Sun Fire / SPARC Enterprise T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5 * Sun Fire / SPARC Enterprise T1000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5 * Sun Netra T2000 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5 * Sun Netra CP3060 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5 * Sun Blade T6300 running Sun System Firmware 6.6.3, 6.6.4 or 6.6.5 SOLUTION: Update to fixed versions. * Sun SPARC Enterprise T5140/T5240 Sun System Firmware 7.1.6 (as delivered in patch 136936-07 or later) * Sun Netra T5220 Sun System Firmware 7.1.4.a (as delivered in patch 136934-03 or later) * Sun SPARC Enterprise T5120/T5220 Sun System Firmware 7.1.6 (as delivered in patch 136932-04 or later) * Sun Blade T6320 Sun System Firmware 7.1.6 (as delivered in patch 136933-06 or later) * Sun Fire / SPARC Enterprise T2000 Sun System Firmware 6.6.7 (as delivered in patch 136927-05 or later) * Sun Fire / SPARC Enterprise T1000 Sun System Firmware 6.6.7 (as delivered in patch 136928-05 or later) * Sun Netra T2000 Sun System Firmware 6.6.7 (as delivered in patch 136929-05 or later) * Sun Netra CP3060 Sun System Firmware 6.6.7 (as delivered in patch 136930-05 or later) * Sun Blade T6300 Sun System Firmware 6.6.7 (as delivered in patch 136931-05 or later) PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. CHANGELOG: 2008-11-11: Added CVE reference. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244826-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------