CERTA-2009-AVI-039

Vulnerability from certfr_avis - Published: 2009-01-29 - Updated: 2009-01-29

Une vulnérabilité est présente dans le système de gestion intégré des serveurs Sun Fire X2100 M2 et Sun Fire X2200 M2.

Description

Une vulnérabilité de nature non précisée par l'éditeur est présente dans le système de gestion intégré ELOM (Embedded Lights out Manager) des serveurs Sun Fire X2100 M2 et Sun Fire X2200 M2. Elle permet à un utilisateur malintentionné ayant accès à l'interface du ELOM d'y obtenir les droits d'administration ou d'exécuter des commandes arbitraires dans le contexte du SP (Service Processor).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
N/A N/A Sun Fire X2200 M2.
N/A N/A Sun Fire X2100 M2 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sun Fire X2200 M2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Sun Fire X2100 M2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de nature non pr\u00e9cis\u00e9e par l\u0027\u00e9diteur est pr\u00e9sente dans\nle syst\u00e8me de gestion int\u00e9gr\u00e9 ELOM (Embedded Lights out Manager) des\nserveurs Sun Fire X2100 M2 et Sun Fire X2200 M2. Elle permet \u00e0 un\nutilisateur malintentionn\u00e9 ayant acc\u00e8s \u00e0 l\u0027interface du ELOM d\u0027y obtenir\nles droits d\u0027administration ou d\u0027ex\u00e9cuter des commandes arbitraires dans\nle contexte du SP (Service Processor).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2009-01-29T00:00:00",
  "last_revision_date": "2009-01-29T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #239886 du 28 janvier 2009    :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1"
    }
  ],
  "reference": "CERTA-2009-AVI-039",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans le syst\u00e8me de gestion int\u00e9gr\u00e9 des\nserveurs Sun Fire X2100 M2 et Sun Fire X2200 M2.\n",
  "title": "Vuln\u00e9rabilit\u00e9 des serveurs SunFire X2100 M2 et X2200 M2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #239886 du 28 janvier 2009",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.