News Stay informed about the latest enterprise technology news and product updates.

Solaris flaw in passwd command allows root privileges

Solaris administrators will need to apply patches to seal a vulnerability in the operating system that could let a local user gain root privileges.

Sun has announced a problem in the passwd command of the Solaris operating system. This command computes the hashes of passwords, but contains an unspecified flaw. The flaw could permit a local user without advanced privileges to gain unauthorized root privileges. Presumably, the issue involves using the passwd command to erroneously allow login as root without the correct root password.

The problem is known to occur in Solaris versions 8 and 9 on both SPARC and x86 platforms. (Solaris 7 does not have this vulnerability.) There is no workaround. However, Sun has posted patches

More information about the vulnerability can be found here.

Dig Deeper on Password management and policy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.