Vigil@nce: Solaris, denial of service of SunMC
September 2008 by Vigil@nce
A remote attacker can progressively create a denial of service on Sun Management Center.
Consequences: denial of service of service
Provenance: intranet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 16/09/2008
Sun Solaris [confidential versions]
Sun Trusted Solaris [confidential versions]
The Sun Management Center product proposes a web site where administrators authenticate.
The PRM (Performance Reporting Manager) module can be enabled on SunMC.
When a web user wishes to authenticate and enters an empty username and password, a memory area is not freed.
An attacker can therefore progressively use system resources, in order to create a denial of service.
Identifiers: 241686, 6722001, BID-31194, VIGILANCE-VUL-8112