Lucene search

MitreCVE-2004-0653

HistoryAug 06, 2004 - 4:00 a.m.

CVE-2004-0653

2004-08-0604:00:00

mitre

web.nvd.nist.gov

cve-2004-0653

solaris 9

kerberos

plaintext password

vulnerability

nvd

pam_krb5

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

36.9%

JSON

Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an “auth” module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user’s passwords by reading log files.

Affected configurations

Nvd

Node

sunsolarisMatch9.0sparc

VendorProductVersionCPE
sunsolaris9.0cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	9.0	cpe:2.3:o:sun:solaris:9.0::sparc:::::

References

secunia.com/advisories/11940/

sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587

sunsolve.sun.com/search/document.do?assetkey=1-26-101519-1

www.ciac.org/ciac/bulletins/o-172.shtml

www.kb.cert.org/vuls/id/523710

www.securityfocus.com/bid/10606

exchange.xforce.ibmcloud.com/vulnerabilities/16450

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2065

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A255

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

36.9%

JSON

Related for CVE-2004-0653