Vulnwatch mailing list archives

Previous By Date Next
Previous By Thread Next

Sun passwd(1) Command Vulnerability

From: Chris Wysopal <weld () vulnwatch org>
Date: Fri, 5 Mar 2004 11:21:28 -0500 (EST)

O-088: Sun passwd(1) Command Vulnerability

[Sun Alert ID: 57454]

March 2, 2004 22:00 GMT
--------------------------------------------------------------------------------

PROBLEM: The passwd command computes the hash of a password typed at
run-time or the hash of each password in a list. A vulnerability exists in
this command.

PLATFORM: Solaris 8, 9 (SPARC and x86 Platforms)

DAMAGE:  A local unprivileged user may be able to gain unauthorized root
privileges due to a security issue involving the passwd(1) command.

SOLUTION: Install the security patch.

--------------------------------------------------------------------------------

VULNERABILITY
ASSESSMENT: The risk is MEDIUM. A local unprivileged user may be able to
gain unauthorized root privileges.

--------------------------------------------------------------------------------

LINKS:

  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-088.shtml

  ORIGINAL BULLETIN: Sun Alert ID: 57454
http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57454&zone_32=category%3Asecurity
Previous By Date Next
Previous By Thread Next

Current thread: