Solaris flaw in passwd command allows root privileges

By Edmund X. DeJesus, Contributing Writer 10 Mar 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Sun has announced a problem in the passwd command of the Solaris operating system. This command computes the hashes of passwords, but contains an unspecified flaw. The flaw could permit a local user without advanced privileges to gain unauthorized root privileges. Presumably, the issue involves using the passwd command to erroneously allow login as root without the correct root password.

The problem is known to occur in Solaris versions 8 and 9 on both SPARC and x86 platforms. (Solaris 7 does not have this vulnerability.) There is no workaround. However, Sun has posted patches

More information about the vulnerability can be found here.

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary