Release date:
Updated on:
Affected Systems:
Sun Solaris 10.0
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-0412
Solaris is a computer operating system developed by Sun Microsystems.
The Oracle Solaris 10 patch rollback file (undo.Z) contains password hashes and is readable by unauthorized users. Local users can exploit this vulnerability to obtain sensitive information.
The vulnerability is caused by the "undo.Z" rollback file stored under /var/sadm/pkg/<pkgname>/save/<patchid>/, from which files containing the password hashes of root and other users can be extracted.
<* Source: Michael Rutkoski
Aerospace
Link: http://www.kb.cert.org/vuls/id/648244
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Sun
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://sunsolve.sun.com/security
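
Host check (added example, not part of the original advisory or the vendor's tooling): the function below lists undo.Z rollback files under the path named in the description that any local user can read. The function name audit_undo_files is hypothetical, and treating a set "other-read" permission bit as the sign of exposure is an assumption.

```shell
#!/bin/sh
# Added example: audit patch rollback archives for world-readable permissions.
# The default root is the directory named in the advisory; the permission
# test (other-read bit set) is an assumption about how the exposure appears.

# audit_undo_files [ROOT]
#   Prints "EXPOSED <path>" for every ROOT/<pkgname>/save/<patchid>/undo.Z
#   whose mode grants read access to "other".
#   Returns 0 when none are found, 1 when at least one is exposed.
audit_undo_files() {
    root=${1:-/var/sadm/pkg}
    exposed=0
    for f in "$root"/*/save/*/undo.Z; do
        # Skip an unmatched glob and anything that is not a regular file.
        [ -f "$f" ] || continue
        # find -perm -0004 matches only when the other-read bit is set;
        # -prune keeps find from descending and works on a single path.
        if [ -n "$(find "$f" -prune -type f -perm -0004 -print 2>/dev/null)" ]; then
            echo "EXPOSED $f"
            exposed=1
        fi
    done
    return "$exposed"
}
```

Run it as root on the host, for example `audit_undo_files /var/sadm/pkg`, and re-run it after installing the vendor patch to confirm nothing is still reported.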