Date: 28 October 2007
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2005.0995 -- [Solaris]
Sun Fire T2000 Server requires mandatory patches
29 October 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Sun Fire T2000 Server
Publisher: Sun Microsystems
Operating System: Solaris 10
Platform: Sun Fire T2000 Server
Impact: Denial of Service
Reduced Security
Access: Remote/Unauthenticated
Revision History: October 29 2007: Resolution updated for clarity
May 15 2006: Resolution section updated
December 19 2005: Initial Release
- - --------------------------BEGIN INCLUDED TEXT--------------------
Sun(sm) Alert Notification
* Sun Alert ID: 102099
* Synopsis: Mandatory Patches and "/etc/system" Settings Are
Required for Correct Operation of T2000
* Category: Availability
* Product: Sun Fire T2000 Server
* BugIDs: 6338258, 6338338, 6315997, 6274126, 6332746
* Avoidance: Patch, Workaround
* State: Resolved
* Date Released: 16-Dec-2005, 04-May-2006
* Date Closed: 04-May-2006
* Date Modified: 04-May-2006, 12-May-2006, 22-Oct-2007
1. Impact
The Sun Fire T2000 Server requires the installation of certain
specific Solaris 10 patches and configuration settings in
"/etc/system" to operate correctly.
2. Contributing Factors
This issue can occur on the following platform:
* Sun Fire T2000 Server (running Solaris 10 HW update 2) without
patches 118822-23, 119578-10, 121236-01, 121265-01,
119981-05, 120824-03, 120849-02, and 118918-09
and without these settings in the "/etc/system" file:
set segkmem_lpsize=0x400000
set pcie:pcie_aer_ce_mask=0x1
Notes:
1. The above patches and "/etc/system" settings only apply on those
T2000 systems with Solaris 10 HW update 2.
2. The patches listed above and changes to "/etc/system" entries are
mandatory for proper system operation.
3. Solaris 8 and 9 are not supported on the T2000 platform.
3. Symptoms
Potential issues that may arise without the recommended
patches/configurations for the T2000 may include data loss,
availability or security issues.
4. Relief/Workaround
To avoid the described issues, the following mandatory patches must be
applied:
* 118822-23 or later
* 119578-10 or later
* 121236-01 or later
* 121265-01 or later
* 119981-05 or later
* 120824-03 or later
* 120849-02 or later
* 118918-09 or later
along with the following entries that must be set in the "/etc/system"
file:
set segkmem_lpsize=0x400000
set pcie:pcie_aer_ce_mask=0x1
Note: These mandatory patches and settings must be applied to the
factory installed version of Solaris 10 on the T2000 (and verified as
installed), or after any new Solaris software installation or
re-installation of Solaris 10 on the T2000.
Information on required patches and settings as listed above is
documented in the Sun Fire T2000 Server Product Notes which can be
downloaded from
http://www.sun.com/products-n-solutions/hardware/docs/Servers/cool
threads/t2000/index.html. (Please check the product notes periodically
for updates to patches and workarounds).
Specifically, see the "Required Patches" and "Mandatory /etc/system
File Entries" sections relating to these issues.
5. Resolution
The T2000 is now shipping with Solaris 10 update 1, which contains the
required patches for proper operation.
Note: The "/etc/system" changes required for earlier Solaris releases
are not required with Solaris 10 08/07.
The "/etc/system" file for Solaris 10 11/06 will still need to be
modified to add the line:
set pcie:pcie_aer_ce_mask=0x1
For more specific information on setting these parameters for Solaris
on the T2000, please see "Recommended /etc/system parameters for Sun
Fire T2000 systems" at:
http://www.sun.com/servers/coolthreads/tnb/parameters.jsp
Change History
04-May-2006:
* Update Resolution section
12-May-2006:
* Updated Contributing Factors and Resolution sections
22-Oct-2007:
* Updated Resolution section for clarification
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved
- - --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRyVu9yh9+71yA2DNAQLH/wP/SHu0X22Ktl+54IpHDZfrSE8XQ8RUcyX8
iLybJCGFn/U4/YAVE0Ra9rRTzTi7z1fhgM9DpNB9NgbnC6pWOzCXAw8iOKpOiBcG
a0IT7u9/OMjAhqANb34c1SuVNFyGZFCCezrjBut0K3dd/5lHlbtXJiQ07ndnnq/v
VspYcHGx5Aw=
=tPfq
-----END PGP SIGNATURE-----
|