[VulnWatch] Sun passwd(1) Command Vulnerability

From: Chris Wysopal (weldvulnwatch.org)
Date: Fri Mar 05 2004 - 10:21:28 CST


O-088: Sun passwd(1) Command Vulnerability

[Sun Alert ID: 57454]

March 2, 2004 22:00 GMT
--------------------------------------------------------------------------------

PROBLEM: The passwd command computes the hash of a password typed at
run-time or the hash of each password in a list. A vulnerability exists in
this command.

PLATFORM: Solaris 8, 9 (SPARC and x86 Platforms)

DAMAGE: A local unprivileged user may be able to gain unauthorized root
privileges due to a security issue involving the passwd(1) command.

SOLUTION: Install the security patch.

--------------------------------------------------------------------------------

VULNERABILITY ASSESSMENT: The risk is MEDIUM. A local unprivileged user may
be able to gain unauthorized root privileges.

--------------------------------------------------------------------------------

LINKS:

  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-088.shtml

  ORIGINAL BULLETIN: Sun Alert ID: 57454
  http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57454&zone_32=category%3Asecurity