Vigil@nce: Solaris, denial of service of SunMC
September 2008 by Vigil@nce
SYNTHESIS
A remote attacker can progressively create a denial of service on
Sun Management Center.
Gravity: 2/4
Consequences: denial of service of service
Provenance: intranet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 16/09/2008
Identifier: VIGILANCE-VUL-8112
IMPACTED PRODUCTS
– Sun Solaris [confidential versions]
– Sun Trusted Solaris [confidential versions]
DESCRIPTION
The Sun Management Center product provides a web interface to which
administrators authenticate.
The PRM (Performance Reporting Manager) module can be enabled on
SunMC.
When a web user attempts to authenticate with an empty username
and password, a memory area is not freed.
An attacker can therefore progressively consume system resources,
in order to create a denial of service.
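The bug class described above (an allocation that is not released on the empty-credential path), shown as an added example beside a corrected form and a regression check that counts outstanding allocations. This is not Sun Management Center code: every name in it (login_leaky, login_fixed, leaked_after, the tracked allocator, the sample credentials) is a hypothetical constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the bug class; not Sun Management Center code. */
static long live_allocs = 0;               /* allocations not yet released */
static void *tracked_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }

struct login_ctx { char user[64]; char pass[64]; };

/* Hypothetical backend check; copies the credentials, then always releases c. */
static int verify_and_release(struct login_ctx *c, const char *user, const char *pass) {
    snprintf(c->user, sizeof c->user, "%s", user);
    snprintf(c->pass, sizeof c->pass, "%s", pass);
    int ok = !strcmp(c->user, "admin") && !strcmp(c->pass, "constructed-secret");
    tracked_free(c);
    return ok ? 0 : -1;
}

/* Leaky pattern: the empty-credential early return skips the release. */
int login_leaky(const char *user, const char *pass) {
    struct login_ctx *c = tracked_alloc(sizeof *c);
    if (!c) return -1;
    if (user[0] == '\0' && pass[0] == '\0')
        return -1;                         /* c stays allocated forever */
    return verify_and_release(c, user, pass);
}

/* Corrected pattern: reject empty input before anything is allocated. */
int login_fixed(const char *user, const char *pass) {
    if (user[0] == '\0' || pass[0] == '\0')
        return -1;
    struct login_ctx *c = tracked_alloc(sizeof *c);
    if (!c) return -1;
    return verify_and_release(c, user, pass);
}

/* Regression check: allocations still outstanding after n empty logins. */
long leaked_after(int (*login)(const char *, const char *), int n) {
    long before = live_allocs;
    for (int i = 0; i < n; i++) login("", "");
    return live_allocs - before;
}

int main(void) {
    printf("leaky: %ld, fixed: %ld\n", leaked_after(login_leaky, 1000), leaked_after(login_fixed, 1000));
    return 0;
}
```

A check of this shape belongs in the test suite of any authentication handler: every rejected request must leave the outstanding-allocation count unchanged.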
CHARACTERISTICS
Identifiers: 241686, 6722001, BID-31194, VIGILANCE-VUL-8112