In association with heise online

31 October 2007, 11:12

Vulnerability in management function of Sun Fire X2100/X2200

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability has been found in the Embedded Lights Out Manager (ELOM) software for Service Processors – hardware for remote server management – for Sun Fire X2100 and X2200. The security hole allows attackers to remotely enter commands, which are then executed with root privileges. According to Sun's security advisory, attackers do not need system rights on the service processor, but it remains unclear whether valid access credentials are required.

Sun has not divulged any additional details. Administrators are, however, advised to download and install firmware update 2.70 or later as soon as possible. If they cannot do so, they should restrict access to the Service Processor by connecting it only with a protected management network or only via a serial port.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit