Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.
References
Link | Resource |
---|---|
http://seclists.org/lists/bugtraq/2005/Jun/0251.html | Exploit Mailing List Patch Third Party Advisory Vendor Advisory |
http://secunia.com/advisories/15853 | Not Applicable Patch Vendor Advisory |
http://www.securityfocus.com/bid/14084 | Broken Link Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
No history.
Information
Published : 2005-07-05 04:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-2136
Mitre link : CVE-2005-2136
CVE.ORG link : CVE-2005-2136
JSON object : View
Products Affected
raritan
- dominion_sx16_firmware
- dominion_sx8
- dominion_sxa-48
- dominion_sx4
- dominion_sx8_firmware
- dominion_sx4_firmware
- dominion_sx32
- dominion_sxa-48_firmware
- dominion_sx16
- dominion_sx32_firmware
CWE
CWE-863
Incorrect Authorization