VYPR

Solaris 8, 9, and 10

by Oracle Corporation

CVEs (1)

  • CVE-2011-0412Apr 19, 2011
    risk 0.00cvss epss 0.00

    Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.