{"vuid":"VU#648244","idnumber":"648244","name":"Oracle Solaris 10 password hashes leaked through back-out patch files","keywords":["Oracle","Solaris 10"],"overview":"Oracle Solaris 10 back-out patch files (undo.Z) contain password hashes which may be readable by unprivileged users.","clean_desc":"The root password hash along with other users' password hashes may be contained in the back-out patch files. In some instances, these files may be readable by unprivileged users. An unprivileged user can extract the password hashes from the file and perform a brute force attack on the password hashes in an attempt to recover the password.","impact":"An attacker may be able to obtain the credentials for the root or other user accounts.","resolution":"Apply an Update\nInstall patch 119254-80. Patch 119254-80 is also part of the April 1st recommended patch set for Solaris 10.","workarounds":"Restrict Access\nSystem administrators should make sure the permissions for back-out patch files are not world-readable. \nThese can typically be found at /var/sadm/pkg/<pkgname>/save/<patchid>/undo.Z.","sysaffected":"","thanks":"Thanks to \nMichael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA)\n for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":[],"cveids":["CVE-2011-0412"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-01-21T18:13:33Z","publicdate":"2011-04-05T00:00:00Z","datefirstpublished":"2011-04-05T17:19:04Z","dateupdated":"2011-04-05T18:41:35Z","revision":24,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"11","cam_exploitation":"2","cam_internetinfrastructure":"4","cam_population":"7","cam_impact":"4","cam_easeofexploitation":"20","cam_attackeraccessrequired":"3","cam_scorecurrent":"0.5355","cam_scorecurrentwidelyknown":"0.819","cam_scorecurrentwidelyknownexploited":"1.386","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.5355,"vulnote":null}