Description
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.
Product(s):
- Raritan Dominion SX16 Firmware
- Raritan Dominion SX32 Firmware 2.4.6
- Raritan Dominion SX4 Firmware
- Raritan Dominion SX8 Firmware
- Raritan Dominion SXA-48 Firmware
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-2136, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-2136 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.