Note: This is an archival copy of Security Sun Alert 200015 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000012.1.
Article ID : 1000012.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-11-06
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Solaris 10 Sun Update Connection Web Proxy Password Disclosure Vulnerability



Category
Security

Release Phase
Resolved

Product
Sun Update Connection - System
Solaris 10 Operating System

Bug Id
6304563

Date of Resolved Release
07-DEC-2005

Impact

On Solaris 10 with Sun Update Connection Services, a web proxy password may be visible to unauthorized local users on the affected system and also in the web proxy log files at the web proxy server. In addition, this issue prevents Sun Update Connection from authenticating to the web proxy server.

Sun acknowledges with thanks Nicholas Brealey of Culham Electromagnetics and Lightning for bringing this issue to our attention.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 with patches 119107-01 through 119107-03 and without patch 119107-04

x86 Platform

  • Solaris 10 with patches 119108-01 through 119108-03 and without patch 119108-04

Note: This issue occurs only when Sun Update Connection is configured to use a web proxy with password authentication enabled.


Symptoms

Sun Update Connection with proxy authentication enabled does not work. The password may be visible in web proxy log files.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 119107-04 or later

x86 Platform

  • Solaris 10 with patch 119108-04 or later

Note: Your web proxy password may have been compromised. It is advisable to change your web proxy password.
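
One way to check a host against the patch ranges listed above, as an added example that is not part of the original Sun Alert. It assumes installed patches appear as lines beginning `Patch: <base>-<rev>`, as printed by `showrev -p`; the function name, the `AWK` override and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a host against the patch ranges in this Sun Alert.
# Reads `showrev -p` style text on stdin; $1 is the patch base:
#   119107 (SPARC) or 119108 (x86).
# Prints: patched | affected | not-listed
# Assumption: installed patches appear as lines beginning "Patch: <base>-<rev>".
# On Solaris 10 set AWK=nawk; /usr/bin/awk there is the old awk without -v.
suc_patch_status() {
    "${AWK:-awk}" -v base="$1" '
        BEGIN { max = 0; seen = 0 }
        $1 == "Patch:" {
            n = split($2, id, "-")
            if (n == 2 && id[1] == base && id[2] ~ /^[0-9]+$/) {
                seen = 1
                if (id[2] + 0 > max) max = id[2] + 0
            }
        }
        END {
            if (!seen)         print "not-listed"  # no revision of this patch installed
            else if (max >= 4) print "patched"     # -04 or later (Resolution)
            else               print "affected"    # -01 to -03 (Contributing Factors)
        }'
}

# Constructed sample input (package names are placeholders, not real output).
SAMPLE_OLD='Patch: 119107-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-PLACEHOLDER
Patch: 119107-03 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-PLACEHOLDER'
SAMPLE_FIXED="$SAMPLE_OLD
Patch: 119107-04 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-PLACEHOLDER"

# "affected" is only the patch-level condition; per the alert, the issue occurs
# only when Sun Update Connection uses a web proxy with password authentication.
demo() {
    printf 'old:   %s\n' "$(printf '%s\n' "$SAMPLE_OLD"   | suc_patch_status 119107)"
    printf 'fixed: %s\n' "$(printf '%s\n' "$SAMPLE_FIXED" | suc_patch_status 119107)"
    printf 'x86:   %s\n' "$(printf '%s\n' "$SAMPLE_OLD"   | suc_patch_status 119108)"
}
demo
```

On a live system the input would come from `showrev -p | suc_patch_status 119107` (or `119108` on x86) in place of the sample text.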



References

119107-04
119108-04



