----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Sun Netra / Fire Servers IP Spoofing Vulnerability

SECUNIA ADVISORY ID:
SA33158

VERIFY ADVISORY:
http://secunia.com/advisories/33158/

CRITICAL:
Moderately critical

IMPACT:
Spoofing

WHERE:
>From remote

OPERATING SYSTEM:

http://secunia.com/advisories/product//
Sun Netra 1280/1290 Server 5.x
http://secunia.com/advisories/product/3405/

http://secunia.com/advisories/product//

http://secunia.com/advisories/product//

http://secunia.com/advisories/product//
Sun Fire Mid-Range Servers ScApp Firmware 5.x
http://secunia.com/advisories/product/3404/

http://secunia.com/advisories/product//

http://secunia.com/advisories/product//

http://secunia.com/advisories/product//

http://secunia.com/advisories/product//

DESCRIPTION:
Sun has acknowledged a vulnerability in several Netra and Fire
products, which can be exploited by malicious people to conduct
spoofing attacks.

The vulnerability is caused due to an unspecified error and can be
exploited to gain access to the system console and potentially to the
host operating system by spoofing IP packets.

NOTE: The vulnerability only affects System Controller V2 systems
without SSH enabled.

The vulnerability is reported in:
* Sun Fire 3800, 4800, 4810, 6800, E2900, E4900, E6900, and V1280
* Netra 1280 and 1290 Servers

SOLUTION:
Apply patches.

Sun Fire 3800/4800/4810/6800/E2900/E4900/E6900/V1280:
Update to firmware (ScApp) version 5.20.11 (included in patch
114527-12) or later.

Netra 1280/1290 Servers:
Update to firmware (ScApp) version 5.20.11 (included in patch
114527-12) or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246746-1

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------