OracleSolaris10 rollback patch file password hash leakage vulnerability

Release date: updated: Affected system: SunSolaris10.0 description: ------------------------------------------------------------------------------------------ CVEID: CVE-2011-0412Solaris is

Release date:
Updated on:

Affected systems:
Sun Solaris 10.0
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2011-0412

Solaris is a computer operating system developed by Sun Microsystems.
The Oracle Solaris 10 rollback patch file (undo. Z) contains an unauthorized user-readable password hash. local users can exploit this vulnerability to leak sensitive information.

This security vulnerability is caused by/var/sadm/pkg/of some software packages/ /Save/ /The "undo. Z" rollback file is stored in an insecure manner, which can lead to extraction of files containing the root and other users' password hashing.

<* Source: Michael Rutkoski
Aerospace

Link: http://www.kb.cert.org/vuls/id/648244
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Sun
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://sunsolve.sun.com/security