[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5099Date: (C)2008-11-17   (M)2023-12-22


Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1021224
SUNALERT-243606
BID-32286
SECUNIA-32674
ADV-2008-3154
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1
http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm
sun-ldoms-auth-bypass(46594)

CWE    1
CWE-200

© SecPod Technologies