Vulnerabilities > CVE-2005-2136 - Incorrect Authorization vulnerability in Raritan products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

raritan

CWE-863

NVD

Published: 2005-07-05

Updated: 2023-04-25

Summary

Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.

Vulnerable Configurations

Part	Description	Count
OS	Raritan Raritan Dominion SX4 Firmware - Raritan Dominion SX8 Firmware - Raritan Dominion Sx16 Firmware - Raritan Dominion Sx32 Firmware 2.4.6 Raritan Dominion SXA 48 Firmware -	5
Hardware	Raritan Raritan Dominion SX4 - Raritan Dominion SX8 - Raritan Dominion Sx16 - Raritan Dominion Sx32 - Raritan Dominion SXA 48 -	5

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References