CVE-2008-5099 - Vulnerability Details - OpenCVE

Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Logical Domain Manager

Configuration 1 [-]

OR	cpe:2.3:a:sun:logical_domain_manager:1.0:_nil_:sparc:::::*
	cpe:2.3:a:sun:logical_domain_manager:1.0.1:_nil_:sparc:::::*
	cpe:2.3:a:sun:logical_domain_manager:1.0.2:_nil_:sparc:::::*
	cpe:2.3:a:sun:logical_domain_manager:1.0.3:_nil_:sparc:::::*

No data.

References

Link	Providers
http://secunia.com/advisories/32674
http://securitytracker.com/id?1021224
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1
http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm
http://www.securityfocus.com/bid/32286
http://www.vupen.com/english/advisories/2008/3154
https://exchange.xforce.ibmcloud.com/vulnerabilities/46594

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-17T18:00:00

Updated: 2024-08-07T10:40:17.230Z

Reserved: 2008-11-17T00:00:00

Link: CVE-2008-5099

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-11-17T18:18:47.937

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5099

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the \"ldm ls -l\" command, a different vulnerability than CVE-2008-4992."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1"}, {"name": "1021224", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1021224"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1"}, {"name": "243606", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1"}, {"name": "32674", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32674"}, {"name": "ADV-2008-3154", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3154"}, {"name": "32286", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32286"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1"}, {"name": "sun-ldoms-auth-bypass(46594)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46594"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5099", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the \"ldm ls -l\" command, a different vulnerability than CVE-2008-4992."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm"}, {"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1"}, {"name": "1021224", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021224"}, {"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1"}, {"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1"}, {"name": "243606", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1"}, {"name": "32674", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32674"}, {"name": "ADV-2008-3154", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3154"}, {"name": "32286", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32286"}, {"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1"}, {"name": "sun-ldoms-auth-bypass(46594)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46594"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:40:17.230Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1"}, {"name": "1021224", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1021224"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1"}, {"name": "243606", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1"}, {"name": "32674", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32674"}, {"name": "ADV-2008-3154", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3154"}, {"name": "32286", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32286"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1"}, {"name": "sun-ldoms-auth-bypass(46594)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46594"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5099", "datePublished": "2008-11-17T18:00:00", "dateReserved": "2008-11-17T00:00:00", "dateUpdated": "2024-08-07T10:40:17.230Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:logical_domain_manager:1.0:_nil_:sparc:*:*:*:*:*", "matchCriteriaId": "E9B820C8-745D-4FE6-98D3-5394AEF28AE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:logical_domain_manager:1.0.1:_nil_:sparc:*:*:*:*:*", "matchCriteriaId": "E77685AA-DE79-4033-A407-936CA647B1D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:logical_domain_manager:1.0.2:_nil_:sparc:*:*:*:*:*", "matchCriteriaId": "1E40E231-2AA1-48AE-8A1F-5F69EC7B63BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:logical_domain_manager:1.0.3:_nil_:sparc:*:*:*:*:*", "matchCriteriaId": "7AC95A91-C8CE-4D72-80EB-EAA1303AA205", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the \"ldm ls -l\" command, a different vulnerability than CVE-2008-4992."}, {"lang": "es", "value": "Sun Logical Domain Manager (tambi\u00e9n conocido como LDoms Manager o ldm) v1.0 hasta v1.0.3 muestra el valor de la variable de seguridad de contrase\u00f1as OpenBoot PROM (OBP) en texto sin formato, lo cual permite a usuarios locales evitar la protecci\u00f3n de contrase\u00f1as SPARC firmware, y obtener privilegios o datos de acceso, a trav\u00e9s del comando \"ldm ls -l\", una vulnerabilidad diferente de CVE-2008-4992."}], "evaluatorComment": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1\r\n\r\nNote: The x86 Platform is not affected by this issue, as Logical Domains (LDoms) software is supported only on the Sun SPARC Platform.", "id": "CVE-2008-5099", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-17T18:18:47.937", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32674"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021224"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32286"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3154"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32286"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46594"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}