Release date:
Updated on:
Affected systems:
Sun Solaris 10.0
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-0412
Solaris is a computer operating system developed by Sun Microsystems.
The Oracle Solaris 10 rollback patch file (undo.Z) contains password hashes that unauthorized users can read. Local users can exploit this vulnerability to obtain sensitive information.
The vulnerability arises because the "undo.Z" rollback files that some software packages keep in their save directories under /var/sadm/pkg/ are stored insecurely, which allows extraction of files containing the password hashes of root and other users.
<* Source: Michael Rutkoski
Aerospace
Link: http://www.kb.cert.org/vuls/id/648244
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Sun
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://sunsolve.sun.com/security
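
To check a host for the exposure described above, the following shell functions list every undo.Z rollback file under /var/sadm/pkg that accounts other than its owner can read. This is an added example, not code from the advisory or the vendor; the function names are hypothetical, and treating any group or world read bit as exposure is an assumption.

```shell
#!/bin/sh
# Added audit example (not vendor code): report undo.Z rollback files
# that are readable by accounts other than the file owner.
# Assumption: the package database root is /var/sadm/pkg, as named in the
# advisory. Pass another directory to audit a copy or a test tree.

# find_exposed_undo [ROOT]
# Prints "<mode> <owner> <path>" for each undo.Z under ROOT that has the
# group-read or world-read permission bit set.
find_exposed_undo() {
    root=${1:-/var/sadm/pkg}
    if [ ! -d "$root" ]; then
        echo "no such directory: $root" >&2
        return 2
    fi
    # -perm -040 / -perm -004: the group / other read bit is set.
    find "$root" -type f -name undo.Z \( -perm -040 -o -perm -004 \) \
        -exec ls -ld {} \; 2>/dev/null |
        awk '{ print $1, $3, $NF }'
}

# count_exposed_undo [ROOT]
# Prints the number of exposed files, for use as a pass/fail check
# before and after applying the vendor patch.
count_exposed_undo() {
    find_exposed_undo "$1" | wc -l | tr -d ' '
}
```

Source the file as root and run `find_exposed_undo`; a count of 0 from `count_exposed_undo` means no rollback file is readable beyond its owner.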