Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
Solution Type: Problem Resolution Sure Solution

2384548.1 : Oracle ZFS Storage Appliance: ZS3-2 - NTP server version disclosure after ILOM upgrade to 3.2.9.21 r117708

Applies to:
Oracle ZFS Storage ZS3-2 - Version All Versions and later
7000 Appliance OS (Fishworks)

Symptoms
After upgrading the ZS3-2 ILOM/BIOS version to 3.2.9.21 r117708 we are able to obtain sensitive information from our ZS3-2 SP.

Nessus elicited the following response from the remote host by sending an NTP mode 6 query :
'version="ntpd 4.2.8p8@1.3265-o Wed May 10 15:58:17 UTC 2017 (1)",
An NTP service has been discovered, listening on port 123.
Version : 4.2.8p8

Before the upgrade this was not possible:
An NTP service has been discovered, listening on port 123.
No sensitive information has been disclosed.
Version : unknown

Version details of the ZS3-2: Appliance Kit ak/SUNW,maguroG2@2013.06.05.7.14,1-1.1

Changes
After upgrading the ILOM/BIOS version to 3.2.9.21 r117708

Cause
NTP Mode 6 queries are enabled in ILOM in version 3.2.9.21. NTP Mode 6 queries are disabled in ILOM in version 3.2.10.x.

Solution
From Doc ID 1174698.1 (Oracle ZFS Storage Appliance: How to check the SP BIOS revision level), which contains a listing of all supported ILOM/BIOS versions for the Oracle ZFS Storage Appliance products, the (current) latest supported ILOM/BIOS for the ZS3-2 product is : SW 1.6.0 (ILOM) 3.2.10.23 r121982 (BIOS) 21.00.02.28 [ patchId 27052021 ]
To eliminate this vulnerability, you should contact Oracle Support to arrange an ILOM/BIOS upgrade for your ZS3-2 product to the latest supported ILOM/BIOS version (Current at April 2018 - 3.2.10.23 r121982 - 21.00.02.28).
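
To confirm after the ILOM upgrade that the SP no longer discloses its ntpd version, the check can be repeated without a scanner. The following is an added example, not Oracle's code: the function names are hypothetical, the packet layout is the standard 12-byte NTP control (mode 6) header, and the sample replies are constructed, the first from the version string quoted under Symptoms.

```python
import re
import socket
import struct

# 12-byte NTP control header: LI/VN/mode, R/E/M/opcode, sequence, status,
# association id, offset, count. 0x16 = version 2, mode 6; opcode 2 = read variables.
HEADER = "!BBHHHHH"
MODE6_READVAR = struct.pack(HEADER, 0x16, 0x02, 1, 0, 0, 0, 0)

def parse_mode6(packet):
    """Return the variable text of a mode 6 response, or None for anything else."""
    if len(packet) < 12:
        return None
    flags, op, _seq, _status, _assoc, _offset, count = struct.unpack(HEADER, packet[:12])
    if (flags & 0x07) != 6 or not (op & 0x80):  # not mode 6, or response bit clear
        return None
    if op & 0x40:                               # error bit set: an error response
        return None
    return packet[12:12 + count].decode("ascii", "replace")

def disclosed_version(packet):
    """Return the version string a reply discloses, or None if it discloses none."""
    text = parse_mode6(packet)
    match = re.search(r'version="([^"]*)"', text) if text else None
    return match.group(1) if match else None

def check_host(host, timeout=3.0):
    """Query one SP you administer; None means no reply or no version variable."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(MODE6_READVAR, (host, 123))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # includes socket.timeout
            return None
    return disclosed_version(reply)

# Constructed sample: the version string quoted on this page, framed as a mode 6 reply.
SAMPLE_DATA = b'version="ntpd 4.2.8p8@1.3265-o Wed May 10 15:58:17 UTC 2017 (1)",'
SAMPLE_REPLY = struct.pack(HEADER, 0x16, 0x82, 1, 0, 0, 0, len(SAMPLE_DATA)) + SAMPLE_DATA
# Constructed sample: an ordinary 48-byte time reply (version 4, mode 4 server).
TIME_REPLY = b"\x24" + bytes(47)

if __name__ == "__main__":
    print("mode 6 reply :", disclosed_version(SAMPLE_REPLY))
    print("time reply   :", disclosed_version(TIME_REPLY))
```

A `None` result from `check_host` against the SP address corresponds to the "Version : unknown" scan result described under Symptoms.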

Attachments
This solution has no attachment