Solaris flaw in passwd command allows root privileges

Solaris administrators will need to apply patches to seal a vulnerability in the operating system that could let a local user gain root privileges.

Sun has announced a problem in the passwd command of the Solaris operating system. This command computes the hashes of passwords, but contains an unspecified flaw. The flaw could permit a local user without advanced privileges to gain unauthorized root privileges. Presumably, the issue involves using the passwd command to erroneously allow login as root without the correct root password.

The problem is known to occur in Solaris versions 8 and 9 on both SPARC and x86 platforms. (Solaris 7 does not have this vulnerability.) There is no workaround. However, Sun has posted patches

More information about the vulnerability can be found here.

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close