| Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability CVE-2010-0558 CVE-2010-0559
OpenSolaris: user access via kclient or smbadm
Synthesis of the vulnerability
| An attacker can guess the password used by kclient or smbadm. |
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 05/02/2010.
|
Impacted products
Description of the vulnerability
The kclient.sh and smbadm commands can be used to join a Windows Active Directory domain.
In order to do so, these commands generate a password for the computer, and then set it with /usr/lib/krb5/ksetpw.
However, the generated password is not sufficiently random, so it can be predicted.
An attacker can therefore guess the password generated by kclient or smbadm, in order to spoof the identity of the computer on the domain. |
Characteristics
Title: OpenSolaris: user access via kclient or smbadm
Identifiers: 275790, 6913788, 6913833, BID-38089, CVE-2010-0558, CVE-2010-0559, VIGILANCE-VUL-9410.
Url: https://vigilance.fr/tree/1/9410
|
Information sources
Solutions for this vulnerability
|