Title : Sun Integrated Lights-Out Manager Denial of Service Vulnerability
Advisory ID : FrSIRT/ADV-2008-2890
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-10-22

Description
==========
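A vulnerability has been found in Sun Integrated Lights-Out Manager that an attacker can use to cause a
denial of service, or that a malicious user can use to bypass security restrictions. The issue is caused by
an error in the web interface. It lets an attacker access the service processor (SP) without authentication
and shut down or reset the system, resulting in a denial of service.
On Sun servers and Sun Blades, this vulnerability lets a user with access to the ILOM web interface access
the host operating system without authentication.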

Solution
==========
Apply patches :
http://sunsolve.sun.com/search/document.do?assetkey=1-66-243486-1

References
==========
http://www.frsirt.com/english/advisories/2008/2890
http://sunsolve.sun.com/search/document.do?assetkey=1-66-243486-1

Affected versions
==========
Sun SPARC Enterprise T5120 Server with firmware version 7.1.6 (ILOM 2.0.4.26) and prior
Sun SPARC Enterprise T5220 Server with firmware version 7.1.6 (ILOM 2.0.4.26) and prior
Sun SPARC Enterprise T5140 Server with firmware version 7.1.6 (ILOM 2.0.4.26) and prior
Sun SPARC Enterprise T5240 Server with firmware version 7.1.6 (ILOM 2.0.4.26) or earlier
Sun SPARC Enterprise T5440 Server with firmware version 7.1.5.b (ILOM 2.0.4.25) or earlier
Sun Blade T6320 Server Module with firmware version 7.1.6 (ILOM 2.0.4.26) and prior
Sun Netra T5220 Server with firmware version 7.1.6 (ILOM 2.0.4.26) and prior
Sun Netra T5440 Server with firmware version 7.1.4.a (ILOM 2.0.4.24.a) and prior
Sun Netra CP3260 ATCA Blade Server with firmware version 7.1.6 (ILOM 2.0.4.26) and prior
Sun Fire X4100 Server with SW version 1.5.1 (ILOM 2.0.2.5 build 32265) and prior
Sun Fire X4200 Server with SW version 1.5.1 (ILOM 2.0.2.5 build 32265) and prior
Sun Fire X4100M2 Server with SW version 2.1 (ILOM 2.0.2.10 build 35249) and prior
Sun Fire X4200M2 Server with SW version 2.1 (ILOM 2.0.2.10 build 35249) and prior
Sun Fire X4600 Server with SW version 1.4 (ILOM 2.0.2.5 build 32265) and prior
Sun Fire X4600M2 Server with SW version 2.1.2 (ILOM 2.0.2.5 build 32591) and prior
Sun Fire X4500 Server with SW version 1.5 (ILOM 2.0.2.5 build 34717) and prior
Sun Fire X4540 Server with SW version 1.0 (ILOM 2.0.2.5 build 32394)
Sun Fire X4140 Server with SW version 2.1 (ILOM 2.0.2.5 build 34) and prior
Sun Fire X4240 Server with SW version 2.1 (ILOM 2.0.2.5 build 34) and prior
Sun Fire X4440 Server with SW version 2.1 (ILOM 2.0.2.5 build 34) and prior
Sun Fire X2250 Server with SW version 1.1 (ILOM 2.0.2.8 build 33864) and prior
Sun Fire X4150 Server with SW version 2.0 (ILOM 2.0.2.6 build 35128) and prior
Sun Fire X4250 Server with SW version 1.1 (ILOM 2.0.2.6 build 35128) and prior
Sun Fire X4450 Server with SW version 2.1.0 (ILOM 2.0.2.6 Build 36202) and prior
Sun Blade 6000 Modular System with Chassis version 2.0 (ILOM 2.0.3.3 build 33795) and prior
Sun Blade 6048 Modular System with Chassis version 2.0 (ILOM 2.0.3.3 build 33795) and prior
Sun Blade X6220 with Server Module Software version 2.0 (ILOM 2.0.3.3 build 34514) and prior
Sun Blade X6250 with Server Module Software version 2.0 (ILOM 2.0.3.6 build 36279)
Sun Blade X6450 with Server Module Software version 2.0 (ILOM 2.0.3.6 build 36472)
Sun Blade 8000 Modular System with Software version 2.1.1 (ILOM 2.0.1.8) and prior
Sun Blade 8000P Modular System with Software version 2.1.1 (ILOM 2.0.1.8) and prior
Sun Blade X8400 with Software version 2.0.2 (ILOM 2.0.1.5) and prior
Sun Blade X8420 with Software version 2.0.2 (ILOM 2.0.1.5) and prior
Sun Blade X8440 with Software version 2.0.2 (ILOM 2.0.1.5) and prior
Sun Blade X8450 with Software version 2.1 (ILOM 2.0.1.7) and prior
Sun Netra X4200M2 Server with SW version 2.1 (ILOM 2.0.5.2 build 35521) and prior
Sun Netra X4250 Server with SW version 1.1 (ILOM 2.0.2.6 build 35369) and prior
Sun Netra X4450 with SW version 1.1 (ILOM 2.0.2.6 build 35369) and prior