Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5099

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-5099
Last Modified 07 Mar 2011 10:13:53
Published 17 Nov 2008 01:18:47
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-5099

Summary

Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.

Vulnerable Systems

Application

  • Sun Logical Domain Manager 1.0

  • Sun Logical Domain Manager 1.0.1

  • Sun Logical Domain Manager 1.0.2

  • Sun Logical Domain Manager 1.0.3


References

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1

XF - sun-ldoms-auth-bypass(46594)

VUPEN - ADV-2008-3154

BID - 32286

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm

SUNALERT - 243606

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1

SECTRACK - 1021224

SECUNIA - 32674


Last Updated: 27 May 2016 10:48:42