
CERT Coordination Center

Sun Solaris passwd command allows for privilege escalation

Vulnerability Note VU#694782

Original Release Date: 2004-03-05 | Last Revised: 2004-03-05

Overview

Sun Solaris contains a vulnerability in the passwd(1) command which could allow for privilege escalation.

Description

The passwd command is used to update a user's authentication token(s). Sun Security Alert ID: 57454 identifies a vulnerability in this command without giving specifics. This vulnerability could allow a local unprivileged user to gain root privileges.

Impact

A local unprivileged user may gain root privileges.

Solution

Apply Patch

According to Sun Microsystems, this issue is resolved in the following releases:

SPARC Platform

Solaris 8 with patch 108993-32 or later
Solaris 9 with patch 113476-11 or later

x86 Platform

Solaris 8 with patch 108994-32 or later
Solaris 9 with patch 114242-07 or later
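
One way to check a host against the patch levels listed above, as an added example that is not part of the original note or of Sun's alert. The function names and the sample input are constructed, the layout of `showrev -p` lines is assumed, and the script needs a POSIX shell rather than the legacy Bourne `/bin/sh`. It compares revisions of the listed patch ID only and does not follow a superseding patch that carries a different ID.

```sh
#!/bin/sh
# Added example, not CERT/CC or Sun code. Patch IDs come from the note; the
# "Patch: <id>-<rev> ..." layout of `showrev -p` output is an assumption.

# Minimum patch for an OS release (uname -r) and platform (uname -p).
required_patch() {
    case "$1:$2" in
        5.8:sparc) echo 108993-32 ;;
        5.9:sparc) echo 113476-11 ;;
        5.8:i386)  echo 108994-32 ;;
        5.9:i386)  echo 114242-07 ;;
        *) return 1 ;;
    esac
}

# Read `showrev -p` output on stdin; print the highest installed revision
# of patch base ID $1, or nothing if that patch is absent.
highest_rev() {
    base=$1; max=
    while read -r tag id rest; do
        [ "$tag" = "Patch:" ] && [ "${id%-*}" = "$base" ] || continue
        rev=${id##*-}
        case $rev in ''|*[!0-9]*) continue ;; esac
        if [ -z "$max" ] || [ "$rev" -gt "$max" ]; then max=$rev; fi
    done
    if [ -n "$max" ]; then echo "$max"; fi
}

# Usage on a host: showrev -p | check_passwd_fix "$(uname -r)" "$(uname -p)"
# Returns 0 fixed, 1 not fixed, 2 release/platform not listed in the note.
check_passwd_fix() {
    need=$(required_patch "$1" "$2") || { echo "UNKNOWN: $1/$2 not listed"; return 2; }
    have=$(highest_rev "${need%-*}")
    if [ -n "$have" ] && [ "$have" -ge "${need##*-}" ]; then
        echo "FIXED: ${need%-*}-$have installed (need $need or later)"; return 0
    fi
    echo "NOT FIXED: need $need or later, found ${have:-no revision}"; return 1
}

# Constructed sample input (not from a real host).
sample_showrev() {
    cat <<'EOF'
Patch: 108993-18 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 108993-32 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 113476-09 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
EOF
}
```
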

Vendor Information


Sun Microsystems Inc. Affected

Updated:  March 05, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to Sun Security Alert ID: 57454.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


Acknowledgements

Sun Microsystems credits Tim Wort for reporting this vulnerability.

This document was written by Damon Morda.

Other Information

CVE IDs: None
Severity Metric: 14.06
Date Public: 2004-02-26
Date First Published: 2004-03-05
Date Last Updated: 2004-03-05 16:26 UTC
Document Revision: 9

Sponsored by CISA.