2.1

CVE-2011-0412

Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunSunos Version5.8
SunSunos Version5.9
SunSunos Version5.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.297
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://osvdb.org/71646
http://secunia.com/advisories/44047
Vendor Advisory
http://www.kb.cert.org/vuls/id/648244
US Government Resource
http://www.securityfocus.com/bid/47171
http://www.vupen.com/english/advisories/2011/0882
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66579