===========================================================================
             AUSCERT External Security Bulletin Redistribution

ESB-2008.0489 -- [Appliance][Solaris] DoS vulnerability in Sun StorEdge
                               12 May 2008
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Sun StorEdge
Publisher:            Sun Microsystems
Operating System:     Solaris
                      Network Appliance
Impact:               Denial of Service
Access:               Console/Physical

Original Bulletin:
  http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-237605-1

--------------------------BEGIN INCLUDED TEXT--------------------

Solution Type: Sun Alert

Solution 237605 : T3B and Sun StorEdge 6120 arrays may go down
unexpectedly and lose host connectivity after 994 days of continuous
operation

Bug ID: 6643328

Product: Sun StorEdge T3B, Sun StorEdge 6120, Sun StorEdge 6320,
Sun StorEdge 3910, Sun StorEdge 3960, Sun StorEdge 6910,
Sun StorEdge 6920, Sun StorEdge 6960

Date of Resolved Release: 08-May-2008

SA Document Body

T3B and Sun StorEdge 6120 arrays may go down unexpectedly and lose host
connectivity after 994 days of continuous operation

1. Impact

Firmware version 2.1.4 (and later) for Sun StorEdge T3B arrays, firmware
version 3.0.0 (and later) for Sun StorEdge 6120, baseline firmware 2.3.2
(and later) for the Sun StorEdge 3910/3960/6910/6960, baseline firmware
1.1 (and later) for Sun StorEdge 6320 and baseline firmware 2.0.3 (and
later) for Sun StorEdge 6920 are subject to the following issue which
could affect array availability and possibly data:

These arrays may go down unexpectedly and lose host connectivity for
several minutes if the array has run continuously for 994 days without a
complete power cycle. Data may be inaccessible, with a possible loss of
data integrity.

2. Contributing Factors

This issue can occur on the following platforms:

  * Sun StorEdge T3B with firmware 2.1.4 or later
  * Sun StorEdge 6120 with firmware 3.0.0 or later
  * Sun StorEdge 3910/3960/6910/6960 with baseline firmware 2.3.2 or later
  * Sun StorEdge 6320 with baseline firmware 1.1 or later
  * Sun StorEdge 6920 with baseline firmware 2.0.3 or later

To determine the firmware revision on one of these systems, the following
command can be run directly on the T3B or 6120:

    6120:/:<1>ver

    6120 Release 3.1.6 Thu Feb 3 16:48:03 PST 2005 (10.16.10.131)
    Copyright (C) 1997-2003 Sun Microsystems, Inc., All Rights Reserved

The 3910, 3960, 6910, 6960, 6320 and 6920 would require a telnet
connection to the T3B or 6120 internal array to run 'ver'.

3. Symptoms

If this issue occurs, systems may experience similar events as listed
below:

    22709 Apr 22 19:46:27 array00 ISR1: W: ISP2200 LOOP DOWN detected.
    ...
    22762 Apr 22 19:51:46 array00 LPCT: N: u2d13 Bypassed on loop 2
    22763 Apr 22 19:51:46 array00 LPCT: N: u2d14 Bypassed on loop 2
    22764 Apr 22 19:51:51 array00 ROOT: N: Initializing loop 1 ISP2200 ... firmware status = 3
    22765 Apr 22 19:51:51 array00 ROOT: N: Detected 15 FC-AL ports on loop 1
    22766 Apr 22 19:51:51 array00 ROOT: N: loop 1 TARGET_ID = 0xf (ALPA = 0xce)
    22767 Apr 22 19:52:18 array00 ROOT: N: Initializing loop 2 ISP2200 ... firmware status = 3
    22768 Apr 22 19:52:18 array00 ROOT: N: Detected 29 FC-AL ports on loop 2
    22769 Apr 22 19:52:18 array00 ROOT: N: loop 2 TARGET_ID = 0xf (ALPA = 0xce)
    22770 Apr 22 19:53:05 array00 ROOT: N: u2ctr found 28 disks in the system
    22771 Apr 22 19:53:24 array00 ROOT: N: 6120 Release 3.2.6 Mon Feb 5 02:26:22 MST 2007 (192.168.0.40)
    22772 Apr 22 19:53:24 array00 ROOT: N: u2ctr Reset (3000) lpc_hbt.c line 290, Assert(0) => 0

Note: Although the event "uXctr Reset (3000) lpc_hbt.c line xxx,
Assert(0) => 0" is a good indicator for this issue, the complete array
logs should be analyzed to confirm this.

4. Workaround

To avoid this issue, power cycle the array no later than every 994 days
(The recommendation is to power cycle the array every 2 years).

Note: Executing the command 'reset' on the array is not enough to remedy
this issue, a complete power cycle is required.

Procedure for the T3B and 6120:

  1. Stop the I/O access to the array.
  2. Wait 2 min.
  3. Run 'shutdown' on the array.
  4. Power off the array.
  5. Wait 1 min.
  6. Power on the array.
  7. Resume the I/O access once you confirm that the array is up.

Procedure for the 3910, 3960, 6910 and 6960:

  1. Stop the I/O access to the array.
  2. Follow the procedure described in
     http://docs.sun.com/app/docs/doc/816-5252-11 chapter 4.7 to power
     off the array.
  3. Follow the procedure described in
     http://docs.sun.com/app/docs/doc/816-5252-11 chapter 4.4 to power
     on the array.

Procedure for the 6320:

  1. Stop the I/O access to the array.
  2. Follow the procedure described in
     http://docs.sun.com/app/docs/doc/816-7879-12 chapter 2.6.8 to power
     off the array.
  3. Follow the procedure described in
     http://docs.sun.com/app/docs/doc/816-7879-12 chapter 2.6.7 to power
     on the array.
  4. Resume the I/O access once you confirm the array is up.

Procedure for the 6920:

  1. Stop the I/O access to the array.
  2. Follow the procedure described in
     http://docs.sun.com/app/docs/doc/819-0123-10 chapter "Performing a
     Partial Shutdown" (page 59) to power off the 6920.
  3. Pull the power cables from the DSP.
  4. Follow the procedure described in
     http://docs.sun.com/app/docs/doc/819-0123-10 chapter "Restoring the
     System After a Partial Shutdown" (page 60) to power on the 6920.
  5. Wait 10 min.
  6. Insert power cables back to the DSP.
  7. Wait 5 min.
  8. Resume the I/O access to the array.

5. Resolution

Please see the "Workaround" section above.

This Sun Alert notification is being provided to you on an "AS IS" basis.
This Sun Alert notification may contain information provided by third
parties. The issues described in this Sun Alert notification may or may
not impact your system(s). Sun makes no representations, warranties, or
guarantees as to the information contained herein. ANY AND ALL
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun
Alert notification contains Sun proprietary and confidential information.
It is being provided to you pursuant to the provisions of your agreement
to purchase services from Sun, or, if you do not have such an agreement,
the Sun.com Terms of Use. This Sun Alert notification may only be used
for the purposes contemplated by these agreements.

Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
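
Added example (not part of the AusCERT bulletin or of Sun's alert): a log triage sketch for the "Symptoms" indicator and the 994-day limit from "Workaround". The function names, the 15-minute correlation window and the caller-supplied year are assumptions of this example; a hit is only a candidate, since the alert says the complete array logs must be analyzed to confirm.

```python
import re
from datetime import date, datetime, timedelta

LIMIT_DAYS = 994  # continuous-operation limit stated in the Sun Alert

# Sample input: the array00 lines are taken from the bulletin's Symptoms excerpt;
# the array01 line is constructed to show a reset with no LOOP DOWN before it.
SAMPLE_LOG = """\
22709 Apr 22 19:46:27 array00 ISR1: W: ISP2200 LOOP DOWN detected.
22762 Apr 22 19:51:46 array00 LPCT: N: u2d13 Bypassed on loop 2
22770 Apr 22 19:53:05 array00 ROOT: N: u2ctr found 28 disks in the system
22772 Apr 22 19:53:24 array00 ROOT: N: u2ctr Reset (3000) lpc_hbt.c line 290, Assert(0) => 0
22900 Apr 23 08:00:00 array01 ROOT: N: u1ctr Reset (3000) lpc_hbt.c line 290, Assert(0) => 0
"""

LINE = re.compile(r"^\d+\s+(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+\w+:\s+\w:\s+(.*)$")
RESET = re.compile(r"(u\d+ctr) Reset \(3000\) lpc_hbt\.c line \d+, Assert\(0\) => 0")

def parse(log, year):
    """Yield (host, timestamp, message); the log carries no year, so the caller supplies it."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, host, msg = m.groups()
            yield host, datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"), msg

def find_candidates(log, year, window=timedelta(minutes=15)):
    """Return (host, controller, reset_time, loop_down_seen) for each reset assert.

    loop_down_seen is True when the same host logged LOOP DOWN within `window`
    before the reset message (the window length is an assumption of this example).
    """
    last_loop_down, hits = {}, []
    for host, when, msg in parse(log, year):
        if "LOOP DOWN detected" in msg:
            last_loop_down[host] = when
        m = RESET.search(msg)
        if m:
            prior = last_loop_down.get(host)
            correlated = prior is not None and when - prior <= window
            hits.append((host, m.group(1), when, correlated))
    return hits

def power_cycle_deadline(last_power_cycle):
    """Latest date for the next complete power cycle (a 'reset' does not count)."""
    return last_power_cycle + timedelta(days=LIMIT_DAYS)

if __name__ == "__main__":
    for hit in find_candidates(SAMPLE_LOG, 2008):
        print(hit)
    print(power_cycle_deadline(date(2006, 1, 1)))
```
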