[VulnWatch] Sun passwd(1) Command Vulnerability
From: Chris Wysopal (weld_at_vulnwatch.org)
Date: 03/05/04
- Previous message: Ulf Härnhammar: "[VulnWatch] GNU Anubis buffer overflows and format string bugs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 5 Mar 2004 11:21:28 -0500 (EST) To: vulnwatch@vulnwatch.org
O-088: Sun passwd(1) Command Vulnerability
[Sun Alert ID: 57454]
March 2, 2004 22:00 GMT
--------------------------------------------------------------------------------
PROBLEM: The passwd command computes the hash of a password typed at
run-time or the hash of each password in a list. A vulnerability exists in
this command.
PLATFORM: Solaris 8, 9 (SPARC and x86 Platforms)
DAMAGE: A local unprivileged user may be able to gain unauthorized root
privileges due to a security issue involving the passwd(1) command.
SOLUTION: Install the security patch.
--------------------------------------------------------------------------------
VULNERABILITY
ASSESSMENT: The risk is MEDIUM. A local unprivileged user may be able to
gain unauthorized root privileges.
--------------------------------------------------------------------------------
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-088.shtml
ORIGINAL BULLETIN: Sun Alert ID: 57454
http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57454&zone_32=category%3Asecurity
- Previous message: Ulf Härnhammar: "[VulnWatch] GNU Anubis buffer overflows and format string bugs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
