CVE-2003-1078 — Sensitive Information Exposure in Solaris

CWE-200 — Sensitive Information Exposure CWE-215 — Insertion of Sensitive Information Into Debugging Code8 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedFeb 28

Latest updateApr 29

Description

The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/solaris2.6, 7.0, 8.0+2

▶NVDsun/sunos5.7, 5.8+1

Patches

Patch: secunia.com ↗Patch: sunsolve.sun.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-2c3c-9673-r29f: The FTP client for Solaris 2↗2022-04-29

▶

CVEList

CVE-2003-1078: The FTP client for Solaris 2↗2005-02-08

▶

💥Exploits & PoCs

Exploit-DB

eXtremail 1.5.x (Linux) - Remote Format Strings↗2003-07-02

▶

📋Vendor Advisories

Red Hat

am-utils: insecure usage of temporary files↗2008-02-14

▶

📐Framework References

CWE

Exposure of Sensitive Information to an Unauthorized Actor↗

▶

CWE

Insertion of Sensitive Information Into Debugging Code↗

▶

💬Community

Bugzilla

CVE-2008-1078 am-utils: insecure usage of temporary files↗2008-02-29

▶