CVE-2011-0412
Published: Apr 19, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | x_refsource_CONFIRM |
| 44047 | third-party-advisory, x_refsource_SECUNIA |
| VU#648244 | third-party-advisory, x_refsource_CERT-VN |
| solaris-password-info-disclosure(66579) | vdb-entry, x_refsource_XF |
| 47171 | vdb-entry, x_refsource_BID |
| 71646 | vdb-entry, x_refsource_OSVDB |
| ADV-2011-0882 | vdb-entry, x_refsource_VUPEN |