CVE-2011-0412

Published: Apr 19, 2011Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.

Affected (3)

Products: Sun: Sunos

Sun

1 product

Sunos

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sun Sunos	Version 5.10
Sun Sunos	Version 5.8
Sun Sunos	Version 5.9

Related CWEs

CWE-255

References (14)

http://osvdb.org/71646

Source: cret@cert.org

http://secunia.com/advisories/44047

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/648244

Source: cret@cert.org

US Government Resource

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Source: cret@cert.org

http://www.securityfocus.com/bid/47171

Source: cret@cert.org

http://www.vupen.com/english/advisories/2011/0882

Source: cret@cert.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/66579

Source: cret@cert.org

http://osvdb.org/71646