Overview
Sun Solaris contains a vulnerability in which systems that are configured as Kerberos clients and have specific patches installed may log passwords in clear text.
Description
Sun Microsystems released patches 112908-12 and 115168-03 to address issues in Kerberos. A vulnerability in these patches may result in user passwords being logged in clear text. According to the Sun Security Alert:
Impact
A local user with access to the log files could obtain another user's password.
Solution
Apply a patch
Disable logging of LOG_DEBUG level messages. This can be accomplished by the following steps:
2. Send a SIGHUP to syslogd:
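To see which entries the workaround has to change, the sketch below lists the selectors in a syslog.conf-style file that receive debug-level messages. It is an added example, not part of this advisory or of Sun's alert; it assumes the classic "selector, whitespace, action" syntax, and the function names and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report syslog.conf selectors that capture LOG_DEBUG messages.
# A selector level means "this level and more severe", so only selectors
# written with the level "debug" receive debug-level messages.

# Constructed sample configuration (hypothetical, not taken from the advisory).
sample_conf() {
    cat <<'EOF'
# constructed sample for this example (real files separate the fields with tabs)
*.err;kern.notice;auth.notice      /dev/sysmsg
*.err;kern.debug;daemon.notice     /var/adm/messages
auth.debug                         /var/log/authlog
mail.debug                         /var/log/syslog
daemon.info                        /var/log/daemon
EOF
}

# Reads a syslog.conf-style file on stdin and prints one line per
# debug-level selector: "<line number>: <selector> -> <action>".
debug_selectors() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            action = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", action)   # drop the selector field
            n = split($1, parts, ";")                 # one line may hold several selectors
            for (i = 1; i <= n; i++) {
                dot = index(parts[i], ".")
                if (dot == 0) continue                # not a facility.level selector
                if (substr(parts[i], dot + 1) == "debug")
                    printf "%d: %s -> %s\n", NR, parts[i], action
            }
        }
    '
}

# Stand-alone run against the constructed sample.
sample_conf | debug_selectors
```

On a live system, run it as `debug_selectors < /etc/syslog.conf`. The destinations it reports are the log files whose read permissions decide which local users could see a logged password.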
Acknowledgements
This vulnerability was reported by Sun Microsystems Inc.
This document was written by Damon Morda.
Other Information
CVE IDs: None
Severity Metric: 3.00
Date Public: 2004-06-17
Date First Published: 2004-06-24
Date Last Updated: 2004-06-30 13:21 UTC
Document Revision: 14