Vulnerability Description
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Solaris | 9.0 |
References
- http://secunia.com/advisories/11940/
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101519-1
- http://www.ciac.org/ciac/bulletins/o-172.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/523710PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10606
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16450
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/11940/
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101519-1
- http://www.ciac.org/ciac/bulletins/o-172.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/523710PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10606
FAQ
What is CVE-2004-0653?
CVE-2004-0653 is a vulnerability with a CVSS score of 2.1 (LOW). Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could all...
How severe is CVE-2004-0653?
CVE-2004-0653 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0653?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Solaris.