Sun has announced a problem in the passwd command of the Solaris operating system. This command computes the hashes...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
of passwords, but contains an unspecified flaw. The flaw could permit a local user without advanced privileges to gain unauthorized root privileges. Presumably, the issue involves using the passwd command to erroneously allow login as root without the correct root password.
The problem is known to occur in Solaris versions 8 and 9 on both SPARC and x86 platforms. (Solaris 7 does not have this vulnerability.) There is no workaround. However, Sun has posted patches
More information about the vulnerability can be found here.