CVE-2008-5099

Published: Nov 17, 2008Modified: Apr 23, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.

Affected (4)

Products: Sun: Logical Domain Manager

1 product

Logical Domain Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sun Logical Domain Manager	Version 1.0.1 _nil_
Sun Logical Domain Manager	Version 1.0.2 _nil_
Sun Logical Domain Manager	Version 1.0.3 _nil_
Sun Logical Domain Manager	Version 1.0 _nil_

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (22)

http://secunia.com/advisories/32674

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1021224

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1

Source: cve@mitre.org

PatchVendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1

Source: cve@mitre.org

PatchVendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1

Source: cve@mitre.org

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1

Source: cve@mitre.org

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm

Source: cve@mitre.org

http://www.securityfocus.com/bid/32286

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/3154

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/46594

Source: cve@mitre.org

http://secunia.com/advisories/32674

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1021224

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/32286

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/3154

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/46594

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.