BID:18023

Sun N1 System Manager Local Password Disclosure Vulnerability

CVE-2006-2614 |

Info

Sun N1 System Manager Local Password Disclosure Vulnerability

Bugtraq ID:	18023
Class:	Design Error
CVE:	CVE-2006-2614
Remote:	No
Local:	Yes
Published:	May 18 2006 12:00AM
Updated:	Jul 06 2016 02:40PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Sun Solaris 10_x86 Sun Solaris 10_sparc Sun N1 System Manager 1.1

Not Vulnerable:

Discussion

Sun N1 System Manager Local Password Disclosure Vulnerability

Sun N1 System Manager is prone to a vulnerability that may allow local unauthorized attackers to gain access to System Manager passwords.

A successful attack may allow attackers to gain unauthorized access to System Manager and carry out further attacks against other computers that are managed by System Manager.

Sun N1 System Manager 1.1 for Solaris 10 is vulnerable to this issue.

Exploit / POC

Sun N1 System Manager Local Password Disclosure Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Solution / Fix

Sun N1 System Manager Local Password Disclosure Vulnerability

Solution:

Sun has released patches to address this issue.

Sun N1 System Manager 1.1

Sun 121161-01
For Solaris 10 SPARC
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121161-01-1

Sun 121161-01
For Solaris 10 x86
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121161-01-1

References

Sun N1 System Manager Local Password Disclosure Vulnerability

References:

Sun Alert ID: 102024 (Sun)