search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Sun StorEdge 6130 array may allow unauthorized users to delete data

Vulnerability Note VU#812438

Original Release Date: 2005-05-11 | Last Revised: 2005-05-12

Overview

Some Sun StorEdge 6130 controller arrays may contain a flaw that allows a remote unprivileged user to gain unintended access and to delete arbitrary data.

Description

Sun StorEdge 6130 controller arrays with a serial number in the range 0451AWF00G - 0513AWF00J may contain an unknown flaw that allows a remote unprivileged attacker to obtain unauthorized access to the array. This access may allow the attacker to delete arbitrary data from the array.

Expansion trays and controller arrays with other serial numbers are not affected. Please reference SunSolve document 57771 for more details, such as how to obtain the serial number of an array.

Impact

Remote unauthenticated users may be able to delete arbitrary data from the array.

Solution

Contact Your Vendor

Sun Microsystems SunSolve document 57771 advises:

Customers with an array that falls within the serial number range defined above should contact their Sun authorized service provider and reference this Sun Alert to obtain a utility which will resolve this issue.

Please reference SunSolve document 57771 for more details.

Vendor Information

812438
 
Expand all

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Sun Alert Notification for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

CVE IDs: None
Severity Metric: 5.67
Date Public: 2005-05-06
Date First Published: 2005-05-11
Date Last Updated: 2005-05-12 02:34 UTC
Document Revision: 6

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis