CVE-2008-5099

Name of the Vulnerable Software and Affected Versions Sun Logical Domain Manager (aka LDoms Manager or ldm) versions 1.0 through 1.0.3

Description The issue allows local users to bypass the SPARC firmware's password protection and gain privileges or obtain data access. This is achieved by displaying the value of the OpenBoot PROM (OBP) security-password variable in cleartext via the "ldm ls -l" command.

Recommendations For Sun Logical Domain Manager versions 1.0 through 1.0.3, consider restricting access to the ldm ls -l command to minimize the risk of exploitation. As a temporary workaround, limit local user privileges to prevent potential data access or privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.