Unencrypted Back-out Patch Files in Oracle Solaris Allow Password Hash Theft and Brute Force Attacks

CVE-2011-0412 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Oracle Solaris 8, 9, and 10 store back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
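An added audit script for this issue (not part of the CVE record or Oracle's own tooling): it lists undo.Z back-out files beneath a root directory, defaulting to the /var/sadm/pkg/ path named above, whose "others read" bit is set, and a companion function that clears that bit; package and patch directory names used when testing it are constructed.

```shell
#!/bin/sh
# List back-out patch archives (undo.Z) that any local user can read.
# $1: root of the package database tree (default: /var/sadm/pkg).
# -perm -004 matches files whose "others read" permission bit is set,
# which is the condition that lets an unprivileged user copy the file
# and extract the password hashes it may contain.
audit_undo_files() {
  root="${1:-/var/sadm/pkg}"
  find "$root" -type f -name 'undo.Z' -perm -004 2>/dev/null
}

# Mitigation: remove the "others read" bit from every world-readable undo.Z
# under the same root, so only the owner (root) and group can read it.
fix_undo_files() {
  root="${1:-/var/sadm/pkg}"
  find "$root" -type f -name 'undo.Z' -perm -004 -exec chmod o-r {} \; 2>/dev/null
}

# Usage: audit first, then apply the mitigation and re-check.
# audit_undo_files /var/sadm/pkg
# fix_undo_files   /var/sadm/pkg
```

Run the audit on each affected host and re-run it after patch installs, since newly applied patches create fresh back-out files.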
