Sun Storage Common Array Manager Unspecified Information

by Carol~ Moderator - 1/16/13 11:49 AM

In Reply to: VULNERABILITIES / FIXES - January 16, 2013 by Carol~ Moderator

Sun Storage Common Array Manager Unspecified Information Disclosure Vulnerability

Release Date : 2013-01-16

Criticality level : Less critical
Impact: Exposure of sensitive information
Where : From local network
Solution Status : Vendor Patch

Software: Sun Storage Common Array Manager 6.x

Description:
A vulnerability has been reported in Sun Storage Common Array Manager, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error within the Fault Management System (FMS) and can be exploited to read certain Sun Storage Common Array Manager accessible data.

The vulnerability is reported in version 6.9.0.

Solution:
Apply patches (please see the vendor's advisory for details).

Provided and/or discovered by:
It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for January 2013 only provides a bundled list of credits.

Original Advisory:
Oracle:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixSUNS

http://secunia.com/advisories/51875/