Potential security vulnerability in IMM and CMM firmware - IBM Flex system



Source

RETAIN tip: H207145

Symptom

The following Integrated Management Module (IMM) Build IDs contain a potential security vulnerability:

1AOO10I  1AOO26K  1AOO30P  1AOO32K
1AOO10K  1AOO28N  1AOO30T  1AOO32O
1AOO24B  1AOO28Q  1AOO30W  1AOO32P
1AOO26L  1AOO28S  1AOO30Y  1AOO30Z
1AOO26O  1AOO30D  1AOO30Z  1AOO34A

These IMM build IDs represent IMM versions 1.00 to 1.65 and FSM Appliance Updates 1.1.0, 1.1.0.1, and 1.1.1.

The following Chassis Management Module (CMM) Build IDs contain a potential security vulnerability:

  • 2PET10A through 2PET10I

These CMM build IDs represent versions 1.00.0 to 1.20.2.

Later IMM and CMM Build IDs are not affected.

See IBM Security Bulletin 23600 (CVE-2012-4838), available from the following URL:

Affected configurations

The system may be any of the following IBM servers:

  • Flex System Enterprise Chassis, type 7893, any model
  • Flex System Enterprise Chassis, type 8721, any model
  • Flex System Enterprise Chassis, type 8724, any model
  • Flex System Manager Node, type 7955, any model
  • Flex System Manager Node, type 8731, any model
  • Flex System Manager Node, type 8734, any model
  • Flex System x220 Compute Node, type 2585, any model
  • Flex System x220 Compute Node, type 7864, any model
  • Flex System x220 Compute Node, type 7906, any model
  • Flex System x240 Compute Node, type 8737, any model
  • Flex System x440 Compute Node, type 7917, any model

The system is configured with one or more of the following IBM Options:

  • Flex System Chassis Management Module, Option part number 68Y7029, any replacement part number (CRU)

This tip is not software specific.

IMM2 firmware Build ID 1AOO32P and earlier, and CMM firmware Build ID 2PET10I and earlier, are affected.

The following system firmware level(s) are affected:

  • IMM firmware 1AOO34A and earlier
  • CMM firmware 2PET10I and earlier

Solution

This behavior has been corrected in IMM firmware Build ID: 1AOO34W or later and in CMM firmware Build ID: 2PET10J or later.

This fix is available in IMM2 1AOO34Y (1.85) or later and in FSM Appliance Update 1.2.0. The fix is available in CMM 2PET10J (1.40.0) or later.

The file is available by selecting the appropriate Product Group, type of System, Product name, Product machine type, and Operating system on IBM Support's Fix Central web page, at the following URL:

Additional information

See IBM Security Bulletin 23600 (CVE-2012-4838), available from the following URL:

Document id:  MIGR-5092007
Last modified:  2012-12-05
Copyright © 2014 IBM Corporation