CVE-2011-0412Improper Control of Interaction Frequency in Sunos

CWE-2553 documents3 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 79.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN Sunos
Timeline
PublishedApr 19
Latest updateMay 17

Description

Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDsun/sunos5.10, 5.8, 5.9+2

🔴Vulnerability Details

2
GHSA
GHSA-x4qg-rgm7-vgvv: Oracle Solaris 8, 9, and 10 stores back-out patch files (undo2022-05-17
CVEList
CVE-2011-0412: Oracle Solaris 8, 9, and 10 stores back-out patch files (undo2011-04-19
CVE-2011-0412 — SUN Sunos vulnerability | cvebase