| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Sun Solaris 9.0 and classified as problematic. Impacted is an unknown function of the component Kerberos Client. The manipulation of the argument LOG_DEBUG leads to missing encryption. This vulnerability is documented as CVE-2004-0653. The attack requires being on the local network. Additionally, an exploit exists. The affected component should be upgraded.
Details
A vulnerability, which was classified as problematic, has been found in Sun Solaris 9.0 (Operating System). This issue affects an unknown part of the component Kerberos Client. The manipulation of the argument LOG_DEBUG with an unknown input leads to a missing encryption vulnerability. Using CWE to declare the problem leads to CWE-311. The product does not encrypt sensitive or critical information before storage or transmission. Impacted is confidentiality, and integrity. The summary by CVE is:
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user s passwords by reading log files.
The weakness was released 06/17/2004 with Sun Microsystems Inc. (Website). It is possible to read the advisory at sunsolve.sun.com. The identification of this vulnerability is CVE-2004-0653 since 07/09/2004. The attack needs to be done within the local network. No form of authentication is needed for a successful exploitation. Technical details as well as a public exploit are known. The attack technique deployed by this issue is T1600 according to MITRE ATT&CK.
After immediately, there has been an exploit disclosed. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 13520 (Solaris 9 (sparc) : 112908-38), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Solaris Local Security Checks.
Upgrading to version pam_krb5 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at sunsolve.sun.com. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at X-Force (16450), Tenable (13520), SecurityFocus (BID 10606†), OSVDB (7254†) and Secunia (SA11940†). kb.cert.org is providing further details. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
- end of life (old version)
Website
- Vendor: https://www.oracle.com/sun/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.9
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Missing encryptionCWE: CWE-311 / CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Access: Public
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 13520
Nessus Name: Solaris 9 (sparc) : 112908-38
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Upgrade: Solaris pam_krb5
Patch: sunsolve.sun.com
Timeline
06/17/2004 🔍06/17/2004 🔍
06/17/2004 🔍
06/17/2004 🔍
06/25/2004 🔍
06/28/2004 🔍
07/09/2004 🔍
08/06/2004 🔍
01/29/2009 🔍
12/16/2024 🔍
Sources
Vendor: oracle.comAdvisory: sunsolve.sun.com⛔
Researcher: http://www.sun.com
Organization: Sun Microsystems Inc.
Status: Confirmed
CVE: CVE-2004-0653 (🔍)
GCVE (CVE): GCVE-0-2004-0653
GCVE (VulDB): GCVE-100-731
OVAL: 🔍
CERT: 🔍
X-Force: 16450 - Sun Solaris configured as Kerberos logs passwords in plain text, Medium Risk
SecurityFocus: 10606 - Sun Solaris Patches 112908-12 And 115168-03 Clear Text Password Logging Vulnerability
Secunia: 11940 - Sun Solaris Kerberos Client Clear Text Password Logging, Not Critical
OSVDB: 7254 - Solaris Kerberos Client Cleartext Password Disclosure
SecurityTracker: 1010530 - Sun Kerberos Security Patch May Disclose Kerberos Client Passwords to Local Users
Vulnerability Center: 20666 - Sun Solaris 9 Kerberos Allows Local Text Password Logging Vulnerability, Low
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
Entry
Created: 06/28/2004 15:13Updated: 12/16/2024 03:11
Changes: 06/28/2004 15:13 (61), 06/07/2017 16:01 (30), 03/09/2021 14:51 (3), 03/09/2021 14:57 (1), 12/16/2024 03:11 (15)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.