Vulnerability in Sun SPARC Enterprise Servers Allows Unauthorized Remote Access
CVE-2009-0171

Currently unrated

Key Information:

Vendor: Oracle
Status: Sparc Enterprise Server
Vendor: CVE Published:; 16 January 2009

Summary

The Sun SPARC Enterprise M4000 and M5000 servers have a vulnerability that allows attackers to exploit the manufacturing root password associated with specific serial numbers. By leveraging this flaw, malicious actors can gain unauthorized root access to the eXtended System Control Facility Unit (XSCFU), potentially leading to severe security implications and unauthorized control over the server systems.

References

http://www.vupen.com/english/advisories/2009/0207

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/33280

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1021602

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 16, 2009
Vulnerability Reserved
Jan 16, 2009