ESB-2008.0489 -- [Appliance][Solaris] -- DoS vulnerability in Sun StorEdge

Date: 12 May 2008
Original URL: http://www.auscert.org.au/render.html?cid=33&it=9261

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2008.0489 -- [Appliance][Solaris]
DoS vulnerability in Sun StorEdge
12 May 2008
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:              Sun StorEdge
Publisher:            Sun Microsystems
Operating System:     Solaris
                      Network Appliance
Impact:               Denial of Service
Access:               Console/Physical

Original Bulletin:
  http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-237605-1

- --------------------------BEGIN INCLUDED TEXT--------------------
Solution Type: Sun Alert

Solution 237605 : T3B and Sun StorEdge 6120 arrays may go down
unexpectedly and lose host connectivity after 994 days of continuous
operation

Bug ID: 6643328

Product
Sun StorEdge T3B, Sun StorEdge 6120, Sun StorEdge 6320, Sun StorEdge 3910,
Sun StorEdge 3960, Sun StorEdge 6910, Sun StorEdge 6920, Sun StorEdge 6960

Date of Resolved Release: 08-May-2008

SA Document Body

1. Impact
Firmware version 2.1.4 (and later) for Sun StorEdge T3B arrays,
firmware version 3.0.0 (and later) for Sun StorEdge 6120, baseline
firmware 2.3.2 (and later) for the Sun StorEdge 3910/3960/6910/6960,
baseline firmware 1.1 (and later) for Sun StorEdge 6320 and baseline
firmware 2.0.3 (and later) for Sun StorEdge 6920 are subject to the
following issue which could affect array availability and possibly
data:
These arrays may go down unexpectedly and lose host connectivity for
several minutes if the array has run continuously for 994 days without
a complete power cycle. Data may be inaccessible, with a possible
loss of data integrity.
2. Contributing Factors
This issue can occur on the following platforms:
* Sun StorEdge T3B with firmware 2.1.4 or later
* Sun StorEdge 6120 with firmware 3.0.0 or later
* Sun StorEdge 3910/3960/6910/6960 with baseline firmware 2.3.2 or
later
* Sun StorEdge 6320 with baseline firmware 1.1 or later
* Sun StorEdge 6920 with baseline firmware 2.0.3 or later
To determine the firmware revision on one of these systems, the
following command can be run directly on the T3B or 6120:

    6120:/:<1>ver
    6120 Release 3.1.6 Thu Feb 3 16:48:03 PST 2005 (10.16.10.131)
    Copyright (C) 1997-2003 Sun Microsystems, Inc., All Rights Reserved

The 3910, 3960, 6910, 6960, 6320 and 6920 would require a telnet
connection to the T3B or 6120 internal array to run 'ver'.

3. Symptoms
If this issue occurs, systems may log events similar to those listed
below:

    22709 Apr 22 19:46:27 array00 ISR1: W: ISP2200 LOOP DOWN detected.
    ...
    22762 Apr 22 19:51:46 array00 LPCT: N: u2d13 Bypassed on loop 2
    22763 Apr 22 19:51:46 array00 LPCT: N: u2d14 Bypassed on loop 2
    22764 Apr 22 19:51:51 array00 ROOT: N: Initializing loop 1 ISP2200 ... firmware status = 3
    22765 Apr 22 19:51:51 array00 ROOT: N: Detected 15 FC-AL ports on loop 1
    22766 Apr 22 19:51:51 array00 ROOT: N: loop 1 TARGET_ID = 0xf (ALPA = 0xce)
    22767 Apr 22 19:52:18 array00 ROOT: N: Initializing loop 2 ISP2200 ... firmware status = 3
    22768 Apr 22 19:52:18 array00 ROOT: N: Detected 29 FC-AL ports on loop 2
    22769 Apr 22 19:52:18 array00 ROOT: N: loop 2 TARGET_ID = 0xf (ALPA = 0xce)
    22770 Apr 22 19:53:05 array00 ROOT: N: u2ctr found 28 disks in the system
    22771 Apr 22 19:53:24 array00 ROOT: N: 6120 Release 3.2.6 Mon Feb 5 02:26:22 MST 2007 (192.168.0.40)
    22772 Apr 22 19:53:24 array00 ROOT: N: u2ctr Reset (3000) lpc_hbt.c line 290, Assert(0) => 0

Note: Although the event "uXctr Reset (3000) lpc_hbt.c line xxx,
Assert(0) => 0" is a good indicator for this issue, the complete array
logs should be analyzed to confirm this.
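
The check described in the note above, as an added example (not part of
the Sun Alert or the AusCERT text): a Python triage pass over array syslog
that rejoins wrapped records and flags the lpc_hbt.c assert, recording
whether a LOOP DOWN event preceded it on the same array. The record layout
is inferred from the excerpt above, and the sample log is constructed.

```python
import re

# Record layout inferred from the bulletin's excerpt (an assumption):
# "<seq> <Mon> <day> <HH:MM:SS> <host> <TAG>: <severity>: <message>"
RECORD = re.compile(
    r"^(?P<seq>\d+) (?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[A-Z0-9]+): (?P<sev>[A-Z]): (?P<msg>.*)$")
# Indicator from the bulletin's note; controller unit and source line vary.
ASSERT = re.compile(
    r"\bu\d+ctr Reset \(3000\) lpc_hbt\.c line \d+, Assert\(0\) => 0")
LOOP_DOWN = re.compile(r"LOOP DOWN detected")

def join_wrapped(lines):
    """Rejoin wrapped records: continuation lines lack the seq/timestamp prefix."""
    records = []
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if RECORD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(lines):
    """Return one finding per assert indicator, with LOOP DOWN context per host."""
    seen_loop_down, findings = set(), []
    for rec in join_wrapped(lines):
        m = RECORD.match(rec)
        if not m:
            continue
        hit = ASSERT.search(m["msg"])
        if LOOP_DOWN.search(m["msg"]):
            seen_loop_down.add(m["host"])
        elif hit:
            findings.append({"host": m["host"], "seq": int(m["seq"]),
                             "time": m["ts"], "event": hit.group(0),
                             "preceded_by_loop_down": m["host"] in seen_loop_down})
    return findings

# Constructed sample modelled on the excerpt; array01 is a negative case.
SAMPLE = """\
100 Apr 22 19:46:27 array00 ISR1: W: ISP2200 LOOP DOWN
detected.
102 Apr 22 19:53:24 array00 ROOT: N: u2ctr Reset (3000) lpc_hbt.c
line 290, Assert(0) => 0
200 Apr 23 08:00:00 array01 ISR1: W: ISP2200 LOOP DOWN
detected.
""".splitlines()
```

A finding is a prompt to review the complete array logs, since the
bulletin treats this event as an indicator rather than a confirmation.
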
4. Workaround
To avoid this issue, power cycle the array no later than every 994
days (the recommendation is to power cycle the array every 2 years).
Note: Executing the command 'reset' on the array is not enough to
remedy this issue; a complete power cycle is required.
Procedure for the T3B and 6120:
1. Stop the I/O access to the array.
2. Wait 2 min.
3. Run 'shutdown' on the array.
4. Power off the array.
5. Wait 1 min.
6. Power on the array.
7. Resume the I/O access once you confirm that the array is up.
Procedure for the 3910, 3960, 6910 and 6960:
1. Stop the I/O access to the array.
2. Follow the procedure described in
http://docs.sun.com/app/docs/doc/816-5252-11 chapter 4.7 to
power off the array.
3. Follow the procedure described in
http://docs.sun.com/app/docs/doc/816-5252-11 chapter 4.4 to
power on the array.
Procedure for the 6320:
1. Stop the I/O access to the array.
2. Follow the procedure described in
http://docs.sun.com/app/docs/doc/816-7879-12 chapter 2.6.8 to
power off the array.
3. Follow the procedure described in
http://docs.sun.com/app/docs/doc/816-7879-12 chapter 2.6.7 to
power on the array.
4. Resume the I/O access once you confirm the array is up.
Procedure for the 6920:
1. Stop the I/O access to the array.
2. Follow the procedure described in
http://docs.sun.com/app/docs/doc/819-0123-10 chapter
"Performing a Partial Shutdown" (page 59) to power off the 6920.
3. Pull the power cables from the DSP.
4. Follow the procedure described in
http://docs.sun.com/app/docs/doc/819-0123-10 chapter "Restoring
the System After a Partial Shutdown" (page 60) to power on the
6920.
5. Wait 10 min.
6. Insert power cables back to the DSP.
7. Wait 5 min.
8. Resume the I/O access to the array.
5. Resolution
Please see the "Workaround" section above.
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================