CVE-2004-1942 - Vulnerability Details - OpenCVE

The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Patch Manager

Configuration 1 [-]

OR	cpe:2.3:a:sun:patch_manager:113579-02:::::::*
	cpe:2.3:a:sun:patch_manager:113579-03:::::::*
	cpe:2.3:a:sun:patch_manager:113579-04:::::::*
	cpe:2.3:a:sun:patch_manager:113579-05:::::::*
	cpe:2.3:a:sun:patch_manager:114342-02:::::::*
	cpe:2.3:a:sun:patch_manager:114342-03:::::::*
	cpe:2.3:a:sun:patch_manager:114342-04:::::::*
	cpe:2.3:a:sun:patch_manager:114342-05:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=108241638500417&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57554-1
http://www.ciac.org/ciac/bulletins/o-144.shtml
http://www.securityfocus.com/bid/10261
https://exchange.xforce.ibmcloud.com/vulnerabilities/15908

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-10T04:00:00

Updated: 2024-08-08T01:07:49.156Z

Reserved: 2005-05-04T00:00:00

Link: CVE-2004-1942

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2004-04-19T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-1942

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20040419 Solaris 9 patch 113579-03 introduces a NIS security bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108241638500417&w=2"}, {"name": "O-144", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/o-144.shtml"}, {"name": "10261", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10261"}, {"name": "57554", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57554-1"}, {"name": "solaris-nis-unauth-privileges(15908)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15908"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1942", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20040419 Solaris 9 patch 113579-03 introduces a NIS security bug", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108241638500417&w=2"}, {"name": "O-144", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/o-144.shtml"}, {"name": "10261", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10261"}, {"name": "57554", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57554-1"}, {"name": "solaris-nis-unauth-privileges(15908)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15908"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:07:49.156Z"}, "title": "CVE Program Container", "references": [{"name": "20040419 Solaris 9 patch 113579-03 introduces a NIS security bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108241638500417&w=2"}, {"name": "O-144", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred"], "url": "http://www.ciac.org/ciac/bulletins/o-144.shtml"}, {"name": "10261", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10261"}, {"name": "57554", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57554-1"}, {"name": "solaris-nis-unauth-privileges(15908)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15908"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1942", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.156Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:patch_manager:113579-02:*:*:*:*:*:*:*", "matchCriteriaId": "F4BFDD50-C76F-4CA3-BB85-816BC952C830", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:patch_manager:113579-03:*:*:*:*:*:*:*", "matchCriteriaId": "35F846EE-A414-4E81-985B-012D3BF9A399", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:patch_manager:113579-04:*:*:*:*:*:*:*", "matchCriteriaId": "B5887A12-75C4-4A22-B7F5-0D58B65C9532", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:patch_manager:113579-05:*:*:*:*:*:*:*", "matchCriteriaId": "BBCC4A2A-C183-4ED3-8740-A60E34EBB811", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:patch_manager:114342-02:*:*:*:*:*:*:*", "matchCriteriaId": "4BE6CDF9-2B0F-42BB-9D4B-D9403EBCDEF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:patch_manager:114342-03:*:*:*:*:*:*:*", "matchCriteriaId": "08F63C33-D277-405B-934D-53E6FD297ABD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:patch_manager:114342-04:*:*:*:*:*:*:*", "matchCriteriaId": "7F767F42-9115-4879-8827-52AF8D551ED4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:patch_manager:114342-05:*:*:*:*:*:*:*", "matchCriteriaId": "D31CE44C-8522-4AC2-A0CF-3B758B5553F7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname."}], "id": "CVE-2004-1942", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-04-19T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108241638500417&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57554-1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.ciac.org/ciac/bulletins/o-144.shtml"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10261"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15908"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=108241638500417&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57554-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.ciac.org/ciac/bulletins/o-144.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15908"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}