BID:9757

Sun Solaris Unspecified Passwd Local Root Compromise Vulnerability

Info

Sun Solaris Unspecified Passwd Local Root Compromise Vulnerability

Bugtraq ID:	9757
Class:	Unknown
CVE:	CVE-2004-0360
Remote:	No
Local:	Yes
Published:	Feb 27 2004 12:00AM
Updated:	Jul 12 2009 03:06AM
Credit:	Discovery of this issue is credited to Tim Wort.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc

Not Vulnerable:

Discussion

Sun Solaris Unspecified Passwd Local Root Compromise Vulnerability

Sun has reported an unspecified vulnerability in the passwd utility on Solaris that may permit local attackers to gain unauthorized root privileges.

Exploit / POC

Sun Solaris Unspecified Passwd Local Root Compromise Vulnerability

CORE has developed a working commercial exploit for their IMPACT
product. This exploit is not otherwise publicly available or known
to be circulating in the wild.

Raptor has made the following exploit available:

/data/vulnerabilities/exploits/raptor_passwd.c

Solution / Fix

Sun Solaris Unspecified Passwd Local Root Compromise Vulnerability

Solution:
Sun has released patches for this issue:

Sun Solaris 9_x86

Sun 114242-07
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114242&rev=07

Sun Solaris 8_x86

Sun 108994-32
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108994&rev=32

Sun Solaris 8_sparc

Sun 108993-32
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108993&rev=32

Sun Solaris 9

Sun 113476-11
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113476&rev=11

References

Sun Solaris Unspecified Passwd Local Root Compromise Vulnerability

References:

Solaris passwd exploit (CORE Security)
Sun Alert ID: 57454 (Sun)