Solaris flaw in passwd command allows root privileges

Edmund X. DeJesus, Contributing Writer

Sun has announced a problem in the passwd command of the Solaris operating system. This command computes the hashes of passwords, but contains an unspecified flaw. The flaw could permit a local user without advanced privileges to gain unauthorized root privileges. Presumably, the issue involves using the passwd command to erroneously allow login as root without the correct root password.

The problem is known to occur in Solaris versions 8 and 9 on both SPARC and x86 platforms. (Solaris 7 does not have this vulnerability.) There is no workaround. However, Sun has posted

    Requires Free Membership to View


More information about the vulnerability can be found here.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: