AusCERT - ESB-2005.0995 -- [Solaris] -- Sun Fire T2000 Server requires mandatory patches

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ESB-2005.0995 -- [Solaris] -- Sun Fire T2000 Server requires mandatory patches
Date: 28 October 2007

Click here for printable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                        ESB-2005.0995 -- [Solaris]
             Sun Fire T2000 Server requires mandatory patches
                              29 October 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Sun Fire T2000 Server
Publisher:            Sun Microsystems
Operating System:     Solaris 10
Platform:             Sun Fire T2000 Server
Impact:               Denial of Service
                      Reduced Security
Access:               Remote/Unauthenticated

Revision History:  October 29 2007: Resolution updated for clarity
                   May 15 2006: Resolution section updated
                   December 19 2005: Initial Release

- - --------------------------BEGIN INCLUDED TEXT--------------------

Sun(sm) Alert Notification
     * Sun Alert ID: 102099
     * Synopsis: Mandatory Patches and "/etc/system" Settings Are
       Required for Correct Operation of T2000
     * Category: Availability
     * Product: Sun Fire T2000 Server
     * BugIDs: 6338258, 6338338, 6315997, 6274126, 6332746
     * Avoidance: Patch, Workaround
     * State: Resolved
     * Date Released: 16-Dec-2005, 04-May-2006
     * Date Closed: 04-May-2006
     * Date Modified: 04-May-2006, 12-May-2006, 22-Oct-2007

1. Impact

   The Sun Fire T2000 Server requires the installation of certain
   specific Solaris 10 patches and configuration settings in
   "/etc/system" to operate correctly.

2. Contributing Factors

   This issue can occur on the following platform:
     * Sun Fire T2000 Server (running Solaris 10 HW update 2) without
       patches 118822-23, 119578-10, 121236-01, 121265-01,
       119981-05, 120824-03, 120849-02, and 118918-09

   and without these settings in the "/etc/system" file:
    set segkmem_lpsize=0x400000
    set pcie:pcie_aer_ce_mask=0x1

   Notes:
    1. The above patches and "/etc/system" settings only apply on those
       T2000 systems with Solaris 10 HW update 2.
    2. The patches listed above and changes to "/etc/system" entries are
       mandatory for proper system operation.
    3. Solaris 8 and 9 are not supported on the T2000 platform.

3. Symptoms

   Potential issues that may arise without the recommended
   patches/configurations for the T2000 may include data loss,
   availability or security issues. 

4. Relief/Workaround

   To avoid the described issues, the following mandatory patches must be
   applied:
     * 118822-23 or later
     * 119578-10 or later
     * 121236-01 or later
     * 121265-01 or later
     * 119981-05 or later
     * 120824-03 or later
     * 120849-02 or later
     * 118918-09 or later

   along with the following entries that must be set in the "/etc/system"
   file:
    set segkmem_lpsize=0x400000
    set pcie:pcie_aer_ce_mask=0x1

   Note: These mandatory patches and settings must be applied to the
   factory installed version of Solaris 10 on the T2000 (and verified as
   installed), or after any new Solaris software installation or
   re-installation of Solaris 10 on the T2000.

   Information on required patches and settings as listed above is
   documented in the Sun Fire T2000 Server Product Notes which can be
   downloaded from
   http://www.sun.com/products-n-solutions/hardware/docs/Servers/cool
   threads/t2000/index.html. (Please check the product notes periodically
   for updates to patches and workarounds).

   Specifically, see the "Required Patches" and "Mandatory /etc/system
   File Entries" sections relating to these issues.

5. Resolution

   The T2000 is now shipping with Solaris 10 update 1, which contains the
   required patches for proper operation.

   Note: The "/etc/system" changes required for earlier Solaris releases
   are not required with Solaris 10 08/07.

   The "/etc/system" file for Solaris 10 11/06 will still need to be
   modified to add the line:
    set pcie:pcie_aer_ce_mask=0x1

   For more specific information on setting these parameters for Solaris
   on the T2000, please see "Recommended /etc/system parameters for Sun
   Fire T2000 systems" at:

   http://www.sun.com/servers/coolthreads/tnb/parameters.jsp

Change History

   04-May-2006:
     * Update Resolution section

   12-May-2006:
     * Updated Contributing Factors and Resolution sections

   22-Oct-2007:
     * Updated Resolution section for clarification

   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.

   Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved


- - --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRyVu9yh9+71yA2DNAQLH/wP/SHu0X22Ktl+54IpHDZfrSE8XQ8RUcyX8
iLybJCGFn/U4/YAVE0Ra9rRTzTi7z1fhgM9DpNB9NgbnC6pWOzCXAw8iOKpOiBcG
a0IT7u9/OMjAhqANb34c1SuVNFyGZFCCezrjBut0K3dd/5lHlbtXJiQ07ndnnq/v
VspYcHGx5Aw=
=tPfq
-----END PGP SIGNATURE-----