Vulnwatch mailing list archives
Sun passwd(1) Command Vulnerability
From: Chris Wysopal <weld () vulnwatch org>
Date: Fri, 5 Mar 2004 11:21:28 -0500 (EST)
O-088: Sun passwd(1) Command Vulnerability
[Sun Alert ID: 57454]
March 2, 2004 22:00 GMT
--------------------------------------------------------------------------------
PROBLEM: The passwd command computes the hash of a password typed at run-time or the hash of each password in a list. A vulnerability exists in this command.
PLATFORM: Solaris 8, 9 (SPARC and x86 Platforms)
DAMAGE: A local unprivileged user may be able to gain unauthorized root privileges due to a security issue involving the passwd(1) command.
SOLUTION: Install the security patch.
--------------------------------------------------------------------------------
VULNERABILITY ASSESSMENT: The risk is MEDIUM. A local unprivileged user may be able to gain unauthorized root privileges.
--------------------------------------------------------------------------------
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-088.shtml
ORIGINAL BULLETIN: Sun Alert ID: 57454
http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57454&zone_32=category%3Asecurity