PT-2004-2839 · Oracle · Solaris

Chris Thompson

Published

2004-04-19

Updated

2017-07-11

CVE-2004-1942

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Solaris 9 versions 113579-02 through 113579-05 Solaris 9 versions 114342-02 through 114342-05

Description The issue allows local users to extract the contents of secure NIS maps, such as passwd.adjunct.byname, using ypcat or ypmatch due to improper access restriction by ypserv and ypxfrd.

Recommendations For Solaris 9 versions 113579-02 through 113579-05, apply the patch to update beyond version 113579-05. For Solaris 9 versions 114342-02 through 114342-05, apply the patch to update beyond version 114342-05.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1942

Affected Products

Solaris

PT-2004-2839 · Oracle · Solaris

CVE-2004-1942

Related Identifiers

Affected Products

References · 6