CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile: 25.7%
Oracle Solaris 10 back-out patch files (undo.Z) contain password hashes which may be readable by unprivileged users.
The root password hash, along with other users' password hashes, may be contained in the back-out patch files. In some instances, these files may be readable by unprivileged users. An unprivileged user can extract the password hashes from the file and perform a brute force attack on the password hashes in an attempt to recover the password.
An attacker may be able to obtain the credentials for the root or other user accounts.
Apply an Update
Install patch 119254-80. Patch 119254-80 is also part of the April 1st recommended patch set for Solaris 10.
Restrict Access
System administrators should make sure the permissions for back-out patch files are not world-readable. These can typically be found at /var/sadm/pkg/<pkgname>/save/<patchid>/undo.Z.
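An audit script for the Restrict Access workaround, added here as an example and not part of the CERT note or Oracle's patch tooling. It walks a package save tree for undo.Z files whose "other" read bit is set and clears other-permissions on them; the root directory defaults to /var/sadm/pkg, and make_sample_tree builds a constructed, clearly labelled stand-in tree so the check can be exercised without a Solaris host.

```sh
#!/bin/sh
# Audit and restrict Solaris 10 back-out patch files (undo.Z).
# Default root is the path named in the note; override for testing.
SADM_ROOT="${SADM_ROOT:-/var/sadm/pkg}"

# List every undo.Z below the given root whose mode has the o+r bit set.
# -name and -perm -004 (octal, "all of these bits") are POSIX find options,
# so this also works with the stock Solaris /usr/bin/find.
find_world_readable_undo() {
    root="${1:-$SADM_ROOT}"
    find "$root" -type f -name undo.Z -perm -004 2>/dev/null | sort
}

# Remove all "other" permissions from the world-readable undo.Z files found
# under the given root. Only the offending files are touched.
restrict_undo_files() {
    root="${1:-$SADM_ROOT}"
    find "$root" -type f -name undo.Z -perm -004 -exec chmod o-rwx {} \; 2>/dev/null
}

# Build a constructed sample tree mirroring <pkgname>/save/<patchid>/undo.Z.
# Package and patch names are placeholders, and the files hold no real archive.
# Prints the temp directory so the caller can audit and clean it up.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/EXAMPLEPKG1/save/EXAMPLE-PATCH-01" \
             "$d/EXAMPLEPKG2/save/EXAMPLE-PATCH-02"
    echo "constructed sample, not a patch archive" \
        > "$d/EXAMPLEPKG1/save/EXAMPLE-PATCH-01/undo.Z"
    echo "constructed sample, not a patch archive" \
        > "$d/EXAMPLEPKG2/save/EXAMPLE-PATCH-02/undo.Z"
    chmod 644 "$d/EXAMPLEPKG1/save/EXAMPLE-PATCH-01/undo.Z"  # world-readable: flagged
    chmod 600 "$d/EXAMPLEPKG2/save/EXAMPLE-PATCH-02/undo.Z"  # already restricted
    echo "$d"
}
```

Run find_world_readable_undo as an unprivileged user first to see what that user can actually reach, then restrict_undo_files as root once the list has been reviewed.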
648244
Updated: January 24, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.
This document was written by Jared Allar.
CVE IDs: CVE-2011-0412
Severity Metric: 0.54
Date Public: