[VulnWatch] Sun passwd(1) Command Vulnerability

• Previous message: Ulf Härnhammar: "[VulnWatch] GNU Anubis buffer overflows and format string bugs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 5 Mar 2004 11:21:28 -0500 (EST)
To: vulnwatch@vulnwatch.org

O-088: Sun passwd(1) Command Vulnerability

[Sun Alert ID: 57454]

March 2, 2004 22:00 GMT
--------------------------------------------------------------------------------

PROBLEM: The passwd command computes the hash of a password typed at
run-time or the hash of each password in a list. A vulnerability exists in
this command.

PLATFORM: Solaris 8, 9 (SPARC and x86 Platforms)

DAMAGE: A local unprivileged user may be able to gain unauthorized root
privileges due to a security issue involving the passwd(1) command.

SOLUTION: Install the security patch.

--------------------------------------------------------------------------------

VULNERABILITY
ASSESSMENT: The risk is MEDIUM. A local unprivileged user may be able to
gain unauthorized root privileges.

--------------------------------------------------------------------------------

LINKS:

  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-088.shtml

  ORIGINAL BULLETIN: Sun Alert ID: 57454
http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57454&zone_32=category%3Asecurity

• Previous message: Ulf Härnhammar: "[VulnWatch] GNU Anubis buffer overflows and format string bugs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [Full-Disclosure] CSA-200402-1: Previous Open Webmail vulnerability is exploitable ... Vulnerability: Remote arbitrary command exection ... "Open WebMail is a webmail system based on the Neomail version 1.14 ... -p The port to have the reverse shellcode connect back to. ... (Full-Disclosure) [ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail ... IMAP/SMTP Injection in Hastymail. ... Hastymail is yet another webmail IMAP client written in PHP. ... Improper command and information validation transmitted by Hastymail ... This vulnerability has been tested in: ... (Bugtraq) Re: Obtaining random seeds ... cat /dev/mouse | od ... >>command line under some Unix flavor. ... >>not include things like hash functions, ... > I get the number by executing a bunch of commands ... (sci.crypt) Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability ... Portcullis Security Advisory 05-014 HP Openview Remote Command Execution ... HP OpenView Network Node Manager 6.41 and 7.5 running on Solaris 8 ... Vulnerability discovery and development: ... James Fisher of Portcullis Computer Security Ltd discovered this ... (Bugtraq) [VulnWatch] Re: iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability ... IBM SECURITY ADVISORY ... VULNERABILITY: A vulnerability in the lspath command allows any ... A vulnerability was discovered in the lspath command. ... (VulnWatch)