Oracle ZFS Storage Appliance: ZS3-2 - NTP server version disclosure after ILOM upgrade to 3.2.9.21 r117708

(Doc ID 2384548.1)

Last updated on APRIL 10, 2018

Applies to:

Oracle ZFS Storage ZS3-2 - Version All Versions and later
7000 Appliance OS (Fishworks)

Symptoms

After upgrading the ZS3-2 ILOM/BIOS version to 3.2.9.21 r117708 we are able to obtain sensitive information from our ZS3-2 SP.

 

Nessus elicited the following response from the remote host by sending an NTP mode 6 query :

 

Version details of the ZS3-2:

Appliance Kit ak/SUNW,maguroG2@2013.06.05.7.14,1-1.1
Operating System SunOS 5.11 ak/generic@2013.06.05.7.14,1-1.1 64-bit
BIOS American Megatrends Inc. 21000227 03/11/2016
Service Processor 3.2.9.21 r117708

 

Changes

After upgrading the ILOM/BIOS version to 3.2.9.21 r117708

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms