Vulnerabilities > CVE-2011-0412 - Credentials Management vulnerability in SUN Sunos 5.10/5.8/5.9
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html Per: http://www.kb.cert.org/vuls/id/648244 'III. Solution Apply an Update Install patch 119254-80. Patch 119254-80 is also part of the April 1st recommended patch set for Solaris 10.'
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119255.NASL description SunOS 5.10_x86: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Mar/29/16 This plugin has been deprecated and either replaced with individual 119255 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22302 published 2006-09-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22302 title Solaris 10 (x86) : 119255-93 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(22302); script_version("1.95"); script_cvs_date("Date: 2018/07/30 13:40:15"); script_cve_id("CVE-2006-4439", "CVE-2011-0412"); script_name(english:"Solaris 10 (x86) : 119255-93 (deprecated)"); script_summary(english:"Check for patch 119255-93"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Mar/29/16 This plugin has been deprecated and either replaced with individual 119255 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119255-93" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 119255 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS10_119254-91.NASL description SunOS 5.10: Install and Patch Utilities Pa. Date this patch was last updated by Sun : Feb/23/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107315 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107315 title Solaris 10 (sparc) : 119254-91 NASL family Solaris Local Security Checks NASL id SOLARIS9_113713.NASL description SunOS 5.9: pkg utilities Patch. Date this patch was last updated by Sun : Apr/05/11 last seen 2020-06-01 modified 2020-06-02 plugin id 13543 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13543 title Solaris 9 (sparc) : 113713-30 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119255-92.NASL description SunOS 5.10_x86: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Jun/11/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107819 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107819 title Solaris 10 (x86) : 119255-92 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119255-91.NASL description SunOS 5.10_x86: Install and Patch Utilitie. Date this patch was last updated by Sun : Feb/23/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107818 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107818 title Solaris 10 (x86) : 119255-91 NASL family Solaris Local Security Checks NASL id SOLARIS8_110934.NASL description SunOS 5.8: package utilities patch. Date this patch was last updated by Sun : Aug/19/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13358 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13358 title Solaris 8 (sparc) : 110934-28 NASL family Solaris Local Security Checks NASL id SOLARIS10_119254.NASL description SunOS 5.10: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Mar/29/16 This plugin has been deprecated and either replaced with individual 119254 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22244 published 2006-08-21 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22244 title Solaris 10 (sparc) : 119254-93 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_119254-92.NASL description SunOS 5.10: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Jun/11/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107316 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107316 title Solaris 10 (sparc) : 119254-92 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_110935.NASL description SunOS 5.8_x86: package utilites patch. Date this patch was last updated by Sun : Aug/19/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13462 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13462 title Solaris 8 (x86) : 110935-28 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114568.NASL description SunOS 5.9_x86: pkg utilities Patch. Date this patch was last updated by Sun : Apr/05/11 last seen 2020-06-01 modified 2020-06-02 plugin id 13606 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13606 title Solaris 9 (x86) : 114568-29
Seebug
| bulletinFamily | exploit |
| description | CVE ID: CVE-2011-0412 Solaris是Sun Microsystems研发的计算机操作系统。 Oracle Solaris 10回滚补丁文件(undo.Z)包含未授权用户可读的密码哈希,本地用户可通过此漏洞泄露敏感信息。 此安全漏洞源于某些软件包的/var/sadm/pkg/<pkgname>/save/<patchid>/以不安全方式存储了"undo.Z"回滚文件,可导致提取包含root和其他用户的密码哈希的文件。 Sun Solaris 10.0 厂商补丁: Sun --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://sunsolve.sun.com/security |
| id | SSV:20451 |
| last seen | 2017-11-19 |
| modified | 2011-04-08 |
| published | 2011-04-08 |
| reporter | Root |
| title | Oracle Solaris 10回滚补丁文件密码哈希泄露漏洞 |
References
- http://osvdb.org/71646
- http://secunia.com/advisories/44047
- http://www.kb.cert.org/vuls/id/648244
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- http://www.securityfocus.com/bid/47171
- http://www.vupen.com/english/advisories/2011/0882
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66579