{"vuid":"VU#523710","idnumber":"523710","name":"Sun Solaris patches may cause passwords to be logged in clear text","keywords":["Sun","Solaris","112908-12","115168-03","clear text password","LOG_DEBUG","pam_krb5"],"overview":"Sun Solaris contains a vulnerability in which systems configured as Kerberos clients that have specific patches installed may log passwords in clear text.","clean_desc":"Sun Microsystems released patches 112908-12 and 115168-03 to address issues in Kerberos. There is a vulnerability in these patches that may result in user passwords being logged in clear text. According to the Sun Security Alert: This issue can occur on a Solaris system configured as a Kerberos client with patch 112908-12 or 115168-03 installed and any service using pam_krb5 as an \"auth\" module. With the debug feature of pam_krb5 enabled, password authentication for the user will be logged in clear text at LOG_DEBUG level.","impact":"A local user with access to the log files could obtain another user's password.","resolution":"Apply a patch\nSun has issued an advisory which addresses this issue. For more information on patches available for your system, please refer to Sun Security Alert: 57587.","workarounds":"Remove previous patch\nBack out patch 112908-12 (SPARC platform) or 115168-03 (x86 platform).\nDisable debug feature of pam_krb5\nSearch for any matching lines using the following command, and remove the \"debug\" entry from that line in the \"/etc/pam.conf\" (see pam.conf(4)) file: $ egrep -e '[\\\\t ]*[^#].*pam_krb5.*debug' /etc/pam.conf\nDisable logging of LOG_DEBUG level messages\nThis can be accomplished by the following steps: 1. Remove or comment out entries in the \"/etc/syslog.conf\" (see syslog.conf(4)) file that match output from the following command: $ egrep -e '\\*.debug|daemon.debug' /etc/syslog.conf 2. Send a SIGHUP to syslogd: $ pkill -HUP syslog","sysaffected":"","thanks":"This vulnerability was reported by Sun Microsystems Inc.","author":"This document was written by Damon Morda.","public":["http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587","http://www.securitytracker.com/alerts/2004/Jun/1010530.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-06-22T16:47:07Z","publicdate":"2004-06-17T00:00:00Z","datefirstpublished":"2004-06-24T15:44:27Z","dateupdated":"2004-06-30T13:21:23Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"3","cam_scorecurrentwidelyknown":"3.75","cam_scorecurrentwidelyknownexploited":"6.75","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.0,"vulnote":null}