Vulnerability Note VU#812438

Sun StorEdge 6130 array may allow unauthorized users to delete data

Overview

Some Sun StorEdge 6130 controller arrays may contain a flaw that allows a remote unprivileged user to gain unintended access and to delete arbitrary data.

I. Description

Sun StorEdge 6130 controller arrays with a serial number in the range 0451AWF00G - 0513AWF00J may contain an unknown flaw that allows a remote unprivileged attacker to obtain unauthorized access to the array. This access may allow the attacker to delete arbitrary data from the array.

Expansion trays and controller arrays with other serial numbers are not affected. Please reference SunSolve document 57771 for more details, such as how to obtain the serial number of an array.

II. Impact

Remote unauthenticated users may be able to delete arbitrary data from the array.

III. Solution

Contact Your Vendor

Sun Microsystems SunSolve document 57771 advises:

Customers with an array that falls within the serial number range defined above should contact their Sun authorized service provider and reference this Sun Alert to obtain a utility which will resolve this issue.

Please reference SunSolve document 57771 for more details.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Sun Microsystems Inc.	Vulnerable	11-May-2005

References

http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-57771-1
http://secunia.com/advisories/15306/

Credit

Thanks to Sun Alert Notification for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

Date Public:	2005-05-06
Date First Published:	2005-05-11
Date Last Updated:	2005-05-11
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	5.67
Document Revision:	6

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader