Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation resources documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability
vulnerability CVE-2009-0171
Sun SPARC M4000/M5000: root access

Synthesis of the vulnerability
An attacker can connect as root, on some Sun SPARC M4000/M5000 versions.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: user console.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 15/01/2009.
Revision date: 20/01/2009.

Impacted products

Description of the vulnerability
Sun SPARC Enterprise Mx000 models contains XSCF (eXtended System Control Facility) to monitor the hardware and remotely administer it.

SPARC Enterprise M4000/M5000 servers manufactured between the 15th of September 2008 (beginning of week 38) and the 5th of December 2008 (end of week 49) are incorrectly configured. An attacker can connect to XSCFU without knowing the root password. Technical details are unknown.

An attacker can therefore administer some Sun SPARC M4000/M5000 versions.

Characteristics
Title: Sun SPARC M4000/M5000: root access
Identifiers: 249126, 6787023, BID-33280, CVE-2009-0171, VIGILANCE-VUL-8395.
Url: https://vigilance.fr/tree/1/8395

Information sources
Publications and announces
Source example: Incorrect Software Setting Prior to Shipping on Certain Sun SPARC M4000/M5000 Servers May Allow Unauthorized Access

Solutions for this vulnerability
Patch or workaround



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française