header-logo
Suggest Exploit
vendor:
Solaris
by:
7.5
CVSS
HIGH
Local Information Disclosure
200
CWE
Product Name: Solaris
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: o:sun:solaris
Metasploit:
Other Scripts:
Platforms Tested:

Local Information Disclosure Vulnerability in Sun Microsystems Solaris

The vulnerability allows a local attacker to access sensitive information, including superuser password information, leading to further attacks. A complete compromise is possible. An example exploit is available: $ /opt/SUNWsrspx/bin/srsexec -dvb /etc/shadow OWNED

Mitigation:

Apply the latest security patches provided by Sun Microsystems. Restrict local access to trusted users only.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23915/info

Sun Microsystems Solaris is prone to a local information-disclosure vulnerability due to a design error.

A local attacker may exploit this issue to access sensitive information, including superuser password information, that may lead to further attacks. A complete compromise is possible. 

The following exploit example is available:
$ /opt/SUNWsrspx/bin/srsexec -dvb /etc/shadow OWNED

Navigation

Suggest Exploit

Services By CQR