ID CVE-2011-0412
Summary Oracle Solaris 8, 9, and 10 store back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute-force password guessing attacks.
Vendor advisory: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Per http://www.kb.cert.org/vuls/id/648244: "III. Solution. Apply an Update. Install patch 119254-80. Patch 119254-80 is also part of the April 1st recommended patch set for Solaris 10."
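The weakness above is a permissions problem on files the patch tooling leaves behind, so the practical check is to look for undo.Z archives that other users can read and to see whether they carry password-hash entries. The script below is an added example, not code from Oracle, CERT, or the Solaris patch tools. It assumes the layout /var/sadm/pkg/<package>/save/<patch-id>/undo.Z, that an undo.Z is a compress(1) stream that `gzip -dc` can expand, and that a backed-up shadow file inside it appears as `user:hash:...` lines with either a `$id$salt$hash` field or a 13-character traditional crypt field; none of those details are stated on this page. The function names (`find_world_readable_undo`, `undo_mentions_hashes`, `restrict_undo_files`) are this example's own.

```shell
#!/bin/sh
# Audit for CVE-2011-0412-style exposure: back-out archives (undo.Z) under
# /var/sadm/pkg that are readable by users other than their owner.
# Added example, not from the Oracle advisory or the Solaris tooling.
# Assumptions (not given on the page): undo.Z is a compress(1) stream that
# gzip -dc can read, and a backed-up /etc/shadow inside it shows up as
# lines of the form user:$id$salt$hash:... or user:13charDEScrypt:...

PKG_ROOT="${PKG_ROOT:-/var/sadm/pkg}"

# Print every undo.Z under the given root whose mode has the "other read"
# bit (0004) set, one path per line, sorted. Returns 1 if there are none.
find_world_readable_undo() {
    root="${1:-$PKG_ROOT}"
    found=$(find "$root" -type f -name 'undo.Z' -perm -004 2>/dev/null | sort)
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Expand one undo.Z to stdout and look for shadow-style entries. Non-printable
# bytes (cpio headers, NUL padding) are turned into newlines first so that the
# ^user: anchor still matches when the shadow file is embedded in an archive.
# Returns 0 if at least one hash-bearing line is present.
undo_mentions_hashes() {
    f="$1"
    gzip -dc "$f" 2>/dev/null | tr -c '[:print:]\n' '\n' \
        | grep -Eq '^[A-Za-z_][A-Za-z0-9_-]*:(\$[A-Za-z0-9]+\$[^:]+|[./0-9A-Za-z]{13}):'
}

# Remediation for the permissions part: drop read access for group and other
# on every undo.Z under the root. (Applying patch 119254-80, as the advisory
# says, is the vendor fix; this only closes the exposure on existing files.)
restrict_undo_files() {
    root="${1:-$PKG_ROOT}"
    find "$root" -type f -name 'undo.Z' -exec chmod go-r {} \;
}

# Report: list exposed archives, flag the ones that contain hash entries.
# Exit status 1 when anything is exposed so the script can gate a job.
main() {
    if exposed=$(find_world_readable_undo "$PKG_ROOT"); then
        printf 'world-readable back-out archives under %s:\n' "$PKG_ROOT"
        printf '%s\n' "$exposed" | while read -r f; do
            if undo_mentions_hashes "$f"; then
                printf '  %s (contains password-hash entries)\n' "$f"
            else
                printf '  %s\n' "$f"
            fi
        done
        return 1
    fi
    printf 'no world-readable undo.Z under %s\n' "$PKG_ROOT"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    main
fi
```

Run it as `sh undo_audit.sh --audit` on the host, or `PKG_ROOT=/mnt/solaris/var/sadm/pkg sh undo_audit.sh --audit` against a mounted image. The permission test uses `-perm -004` (octal) rather than a symbolic mode because octal is what every find(1) accepts; the hash regex is deliberately broad, since the point is to flag an archive for inspection, not to parse it exactly.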
References
Vulnerable Configurations
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 17-08-2017 - 01:33)
Impact: 2.9 (CVSS v2 subscore derived from the vector below)
Exploitability: 3.9 (CVSS v2 subscore derived from the vector below)
CWE CWE-255
CAPEC
Access
  Vector: LOCAL   Complexity: LOW   Authentication: NONE
Impact
  Confidentiality: PARTIAL   Integrity: NONE   Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 47171
cert-vn VU#648244
confirm http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
osvdb 71646
secunia 44047
vupen ADV-2011-0882
xf solaris-password-info-disclosure(66579)
Last major update 17-08-2017 - 01:33
Published 19-04-2011 - 19:55
Last modified 17-08-2017 - 01:33