Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun sunos 5.10 |
||
sun sunos 5.8 |
||
sun sunos 5.9 |