
Enhanced Support Facility : HRM-S Client Connection Vulnerability. February 19th, 2009



1. Description

There is a vulnerability in HRM-S. This vulnerability may allow a remote unauthenticated user to issue hardware or software information requests.

Fujitsu provides the security patches listed in section 3.
Please apply them as soon as possible.

2. Impact

This vulnerability may allow a remote unauthenticated user to access the hardware composition information and the installed software information on the system.

3. Affected systems and corresponding action

3-1. Affected systems:

PRIMEPOWER, SPARC Enterprise

3-2. Affected products and required patch

Enhanced Support Facility for PRIMEPOWER

  Products                        Target OS          Package name   Patch ID
  Enhanced Support Facility 3.0   Solaris 8, 9, 10   FJSVhrm        914654-02

Enhanced Support Facility for SPARC Enterprise

  Products                          Target OS    Package name   Patch ID
  Enhanced Support Facility 3.0     Solaris 10   FJSVhrmse      914595-05
  Enhanced Support Facility 3.0.1   Solaris 10   FJSVhrmse      914595-05

* To obtain the patches, please contact a Fujitsu system engineer or your partner(s).

To determine the version and level of the product, use the following method:

  • for PRIMEPOWER
    • Run "pkginfo -l FJSVhrm"
    • When the package exists and the VERSION line is the same as below, the product is affected.
      VERSION=3.0.0,REV=2006.06.1300
  • for SPARC Enterprise
    • Run "pkginfo -l FJSVhrmse"
    • When the package exists and the VERSION line is the same as below, the product is affected.
      VERSION=3.1.1,REV=2006.10.3100
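
The VERSION check above, scripted for auditing several hosts; this is an added example, not part of Fujitsu's advisory. The function names and output labels are hypothetical, while the package names, VERSION strings and patch IDs are the ones on this page. It accepts both the "VERSION:" form that pkginfo -l prints and the "VERSION=" form shown above, and assumes a POSIX shell and sed (on Solaris 8 to 10, /usr/xpg4/bin/sh or ksh with /usr/xpg4/bin first in PATH).

```sh
# Added example. Package names, VERSION strings and patch IDs come from this
# advisory; function names and output labels are hypothetical.

# hrm_lookup PKG: print "<affected VERSION> <patch ID>" for a listed package.
hrm_lookup() {
    case "$1" in
        FJSVhrm)   echo "3.0.0,REV=2006.06.1300 914654-02" ;;  # PRIMEPOWER
        FJSVhrmse) echo "3.1.1,REV=2006.10.3100 914595-05" ;;  # SPARC Enterprise
        *) return 1 ;;
    esac
}

# hrm_status PKG: read `pkginfo -l PKG` output on stdin and print one of
#   affected:<patch ID>    VERSION equals the string in the advisory
#   not-listed:<version>   package present, VERSION differs
#   not-installed          no VERSION line (pkginfo found no such package)
hrm_status() {
    entry=$(hrm_lookup "$1") || { echo "unknown-package"; return 2; }
    bad=${entry% *}
    patch=${entry#* }
    # First VERSION line, with either separator, trailing blanks removed.
    ver=$(sed -n 's/^[[:space:]]*VERSION[:=][[:space:]]*//p' |
          sed -e 's/[[:space:]]*$//' -e 1q)
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif [ "$ver" = "$bad" ]; then
        echo "affected:$patch"
    else
        echo "not-listed:$ver"
    fi
}

# On a real host:  pkginfo -l FJSVhrm 2>/dev/null | hrm_status FJSVhrm
# Constructed sample of `pkginfo -l FJSVhrm` output (not from a real system):
sample='   PKGINST:  FJSVhrm
   VERSION:  3.0.0,REV=2006.06.1300
    STATUS:  completely installed'
printf '%s\n' "$sample" | hrm_status FJSVhrm   # prints affected:914654-02
```

A "not-listed" result only means the VERSION line differs from the string in this advisory.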

3-3. Workaround

Please place the server on a trusted network until the patch has been applied. If you cannot do so, stop the HRM-S service in the following way.

  1. Execute the following command with root privilege to check the HRM-S service setting. When the current status (*note) is displayed as "HRM is disabled", step 2 is unnecessary.

    # /opt/FJSVhrm/bin/setup_e.sh

    [example]
    ===== HRM setup menu =====
    current status:
    HRM is enabled. HRM is running. <-- *note: check this line
    SANtool is disabled.
    1      enable HRM
    2      disable HRM
    3      enable SANtool
    4      disable SANtool
    5      set IP address of SANtool
    6      start HRM and SANtool
    7      stop HRM and SANtool
    8      change timezone setting
    9      SDB agent setting
    q      quit
    Select a number [?,??,q]:
  2. Select "7" to stop HRM, and then select "2" to disable HRM. Finally, confirm that the display of "current status" is "HRM is disabled" and "SANtool is disabled".


    [final display example]
    ===== HRM setup menu =====
    current status:
    HRM is disabled.
    SANtool is disabled.
    1      enable HRM
    2      disable HRM
    3      enable SANtool
    4      disable SANtool
    5      set IP address of SANtool
    6      start HRM and SANtool
    7      stop HRM and SANtool
    8      change timezone setting
    9      SDB agent setting
    q      quit
    Select a number [?,??,q]:

4. Related information

None.

5. Revision history

  • February 19th, 2009 : Initial release