Performing Initial Installations by Using TFTP

Identity

None.

Authentication

None.

Authorization

No authorization check is done for the requesting client, which does not appear as a serious vulnerability, as the only data transferred is a standard Solaris bootstrap.

No authorization check is done for the supplying server, which is a potentially serious vulnerability as a rogue server could subvert the installation process.

Confidentiality

None, which does not appear as a serious vulnerability, as the only data transferred is a standard Solaris bootstrap.

Integrity

None. Initial installation is vulnerable to productive corruption attacks.

Availability

Flood attacks and corruption attacks might disrupt service.

Accountability

None.

Previous: Performing Initial Installations by Using bootparams
Next: NFS Access by Managed Hosts