Executive Summary
Summary | |
---|---|
Title | Oracle Solaris 10 password hashes leaked through back-out patch files |
Information | |||
---|---|---|---|
Name | VU#648244 | First vendor Publication | 2011-04-05 |
Vendor | VU-CERT | Last vendor Modification | 2011-04-05 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Vulnerability Note VU#648244
Oracle Solaris 10 password hashes leaked through back-out patch files
Overview
Oracle Solaris 10 back-out patch files (undo.Z) contain password hashes which may be readable by unprivileged users.
I. Description
The root password hash along with other users' password hashes may be contained in the back-out patch files. In some instances, these files may be readable by unprivileged users. An unprivileged user can extract the password hashes from the file and perform a brute force attack on the password hashes in an attempt to recover the password.
II. Impact
An attacker may be able to obtain the credentials for the root or other user accounts.
III. Solution
Apply an Update
Install patch 119254-80. Patch 119254-80 is also part of the April 1st recommended patch set for Solaris 10.
References
Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability. This document was written by Jared Allar.
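An audit for the condition described above, added here as an example and not taken from the CERT note or from Oracle tooling: it lists back-out files (undo.Z) whose mode grants read to "other" and whose parent directories, up to the audited root, are all searchable by "other". The default root /var/sadm/pkg is the path named in the OVAL description on this page; the function names are assumptions.

```shell
#!/bin/sh
# Added example: report undo.Z back-out files an unprivileged user could read.
# Assumption: the tree to audit defaults to /var/sadm/pkg (path from the OVAL text).

# other_can_reach DIR TOP
# Succeeds only if every directory from DIR up to TOP has the "other"
# search (execute) bit set, so a non-owner can traverse down to the file.
other_can_reach() {
    _d=$1; _top=$2
    while :; do
        # -prune keeps find from descending; -perm -001 tests other-execute
        [ -n "$(find "$_d" -prune -perm -001 -print)" ] || return 1
        case $_d in "$_top"|/|.) return 0 ;; esac
        _d=$(dirname "$_d")
    done
}

# audit_backout_files [ROOT]
# Prints "EXPOSED <path>" for each undo.Z that is other-readable (-perm -004)
# and reachable through other-searchable directories.
audit_backout_files() {
    _root=${1:-/var/sadm/pkg}
    find "$_root" -type f -name undo.Z -perm -004 -print |
    while IFS= read -r _f; do
        if other_can_reach "$(dirname "$_f")" "$_root"; then
            printf 'EXPOSED %s\n' "$_f"
        fi
    done
}

# Run the audit only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_backout_files "$1"
fi
```

A file that is mode 644 but sits below a directory closed to "other" is not reported, which matches the note's wording that the files are readable by unprivileged users only "in some instances".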
Original Source
Url : http://www.kb.cert.org/vuls/id/648244 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-255 | Credentials Management |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19456 | |||
Oval ID: | oval:org.mitre.oval:def:19456 | ||
Title: | CRITICAL PATCH UPDATE APRIL 2011 | ||
Description: | Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0412 | Version: | 3 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71646 | Oracle Solaris Backout File (undo.Z) Permissions Weakness Password Hash Local... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-09-04 | Name : The remote host is missing Sun Security Patch number 119255-93 File : solaris10_x86_119255.nasl - Type : ACT_GATHER_INFO |
2006-08-21 | Name : The remote host is missing Sun Security Patch number 119254-93 File : solaris10_119254.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 110934-28 File : solaris8_110934.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 110935-28 File : solaris8_x86_110935.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 113713-30 File : solaris9_113713.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114568-29 File : solaris9_x86_114568.nasl - Type : ACT_GATHER_INFO |