Raritan · Raritan Dominion SX · CVE-2005-2136
Name of the Vulnerable Software and Affected Versions:
Raritan Dominion SX (DSX) Console Servers versions DSX16, DSX32, DSX4, DSX8, and DSXA-48
Description:
The issue allows local users to obtain hashed passwords or execute arbitrary code as other users due to world-readable permissions for /etc/shadow and world-writable permissions for /bin/busybox.
Recommendations:
For versions DSX16, DSX32, DSX4, DSX8, and DSXA-48, consider changing the permissions of /etc/shadow to prevent world-readable access and restrict write access to /bin/busybox to prevent arbitrary code execution.
As a temporary workaround, consider restricting access to the /bin/busybox executable until a patch is available.
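The permission check and fix described in the recommendations, as an added shell example that is not from Raritan or from this advisory. The function names are hypothetical, and the demo runs on constructed files in a temporary directory rather than on the real /etc/shadow and /bin/busybox.

```shell
#!/bin/sh
# Added example (not vendor code): audit and fix the two permission
# weaknesses named in this advisory. Uses only ls, cut and chmod.

# Print the 10-character mode field of FILE, following symlinks.
mode_of() { ls -ldL -- "$1" 2>/dev/null | cut -c1-10; }

# Succeed if column POS of the mode field is CHAR (8 = other-read, 9 = other-write).
other_has() { [ "$(mode_of "$1" | cut -c"$2")" = "$3" ]; }

# audit_perms SHADOW BUSYBOX: one line per finding; returns 1 if any, 2 if a file is missing.
audit_perms() {
    for f in "$1" "$2"; do [ -e "$f" ] || { echo "ERROR: $f not found"; return 2; }; done
    rc=0
    if other_has "$1" 8 r; then
        echo "FINDING: $1 is world-readable ($(mode_of "$1"))"; rc=1
    fi
    if other_has "$2" 9 w; then
        echo "FINDING: $2 is world-writable ($(mode_of "$2"))"; rc=1
    fi
    return $rc
}

# harden_perms SHADOW BUSYBOX: remove the access the advisory objects to.
harden_perms() {
    # No access at all for "other" on the password hashes.
    chmod o-rwx "$1" || return 1
    # Only the owner may modify or replace the binary.
    chmod go-w "$2"
}

# Demo on constructed files; on a real unit the arguments would be
# /etc/shadow and /bin/busybox, run as root.
demo() {
    d=$(mktemp -d) || return 1
    printf 'root:CONSTRUCTED_HASH:0:0:99999:7:::\n' > "$d/shadow"
    printf '#!/bin/sh\n' > "$d/busybox"
    chmod 0644 "$d/shadow"; chmod 0777 "$d/busybox"   # the vulnerable state
    audit_perms "$d/shadow" "$d/busybox" || true      # two findings expected
    harden_perms "$d/shadow" "$d/busybox"
    audit_perms "$d/shadow" "$d/busybox" && echo "OK: no findings after hardening"
    rm -rf "$d"
}
demo
```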