OSVDB ID: 17620

Title: Dominion SX /etc/shadow Permission Weakness Hashed Password Disclosure

Info

Disclosure

Jun 29, 2005

Discovery

Unknown

Dates

Exploit

Jun 29, 2005

Solution

Unknown

Description

Dominion SX contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the /etc/shadow file having world-readable permissions by default, which will disclose the root user's password hash resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Raritan has released a patch to address this vulnerability.

Products

Raritan Computer Inc.

Dominion SX

2.2.11

References

Bugtraq ID: 14084
Secunia Advisory ID: 15853
Related OSVDB ID: 17621
CVE ID: 2005-2136 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0248.html
Vendor URL: http://www.raritan.com/products/
Vendor Specific Solution URL: http://www.raritan.com/support/sup_upgrades.aspx

Credit

Dirk Wetter -

Direct URL: http://osvdb.org/36218