Vulnerability in management function of Sun Fire X2100/X2200
A vulnerability has been found in the Embedded Lights Out Manager (ELOM) software for Service Processors – hardware for remote server management – for Sun Fire X2100 and X2200. The security hole allows attackers to remotely enter commands, which are then executed with root privileges. According to Sun's security advisory, attackers do not need system rights on the service processor, but it remains unclear whether valid access credentials are required.
Sun has not divulged any additional details. Administrators are, however, advised to download and install firmware update 2.70 or later as soon as possible. If they cannot do so, they should restrict access to the Service Processor by connecting it only with a protected management network or only via a serial port.
- Sun Fire X2100/X2200 M2 Servers ELOM Software is Vulnerable to Arbitrary Command Execution, Sun's security advisory
- Download the current CD-ISO image of firmware for Sun Fire X2100
- Download the current CD-ISO image of firmware for Sun Fire X2200
(mba)