Note: This is an archival copy of Security Sun Alert 201111 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000831.1.
Article ID : 1000831.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-05-20
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Sun Java System Communications Services 6 Delegated Administrator 2005Q1



Category
Security

Release Phase
Resolved

Product
Sun Java System Communications Services 6 Delegated Administrator 2005Q1

Bug Id
6318966

Date of Resolved Release
05-DEC-2005

Impact

A security vulnerability in Communications Services Delegated Administrator 2005Q1 may allow a remote unauthorized user to gain access to the Top-Level Administrator (TLA) default password.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for Solaris 8, 9, and 10) without patch 119777-09

x86 Platform

  • Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for Solaris 8, 9, and 10) without patch 119778-09

Linux Platform

  • Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for RHEL2.1 and RHEL3.0) without patch 119779-09

Note: Solaris 8 for the x86 platform is not affected by this issue.

To determine if Sun Java Communications Services Delegated Administrator 2005Q1 is installed on a system, the following command can be used:

    % pkgparam -v SUNWcomis | grep SUNW_PRODVERS
    SUNW_PRODVERS=' 6.2-0.10'

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

To work around the described issue, remove the "configure_toplevel_admin.ldif" file from the "config" directory. This file is used only during configuration and is not needed afterwards.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for Solaris 8, 9, and 10) with patch 119777-09 or later

x86 Platform

  • Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for Solaris 8, 9, and 10) with patch 119778-09 or later

Linux Platform

  • Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for RHEL2.1 and RHEL3.0) with patch 119779-09 or later
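The following audit script is an added example, not part of the original Sun Alert or any Sun/Oracle tooling. It checks a Solaris host for both the fixed patch revision and the leftover LDIF file named in the Workaround section. It assumes the patch listing is in Solaris `showrev -p` format, and the config directory path is a site-specific placeholder supplied by the administrator.

```shell
#!/bin/sh
# Added example, not Sun/Oracle code. Patch IDs, the fixed revision (-09) and
# the LDIF file name come from the advisory; everything else is assumed.

FIXED_REV=9
LDIF_NAME=configure_toplevel_admin.ldif

# patch_is_fixed BASE_ID
# Reads `showrev -p` style lines on stdin ("Patch: 119777-09 Obsoletes: ...").
# Returns 0 if BASE_ID is installed at revision FIXED_REV or later.
patch_is_fixed() {
    awk -v base="$1" -v min="$FIXED_REV" '
        $1 == "Patch:" {
            n = split($2, id, "-")
            if (n == 2 && id[1] == base && id[2] + 0 >= min) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# ldif_present CONFIG_DIR
# Returns 0 if the configuration-time LDIF file is still on disk.
ldif_present() {
    [ -f "$1/$LDIF_NAME" ]
}

# audit_da BASE_ID CONFIG_DIR   (patch listing on stdin)
# Returns 0 when the patch or the workaround is in place, 1 when the host is
# unpatched and the file remains. Prints one status line either way.
audit_da() {
    patch=unfixed; ldif=removed
    if patch_is_fixed "$1"; then patch=fixed; fi
    if ldif_present "$2"; then ldif=present; fi
    echo "patch $1: $patch; $LDIF_NAME: $ldif"
    [ "$patch" = fixed ] || [ "$ldif" = removed ]
}

# Constructed sample (not real host output): revision -08 is below the fix.
sample='Patch: 119777-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcomis'
demo_dir=$(mktemp -d) && : > "$demo_dir/$LDIF_NAME"
printf '%s\n' "$sample" | audit_da 119777 "$demo_dir" || echo "action needed"
rm -rf "$demo_dir"

# On a live Solaris SPARC host (config path is a site-specific placeholder):
#   showrev -p | audit_da 119777 /path/to/delegated-admin/config
```

Use base ID 119778 on Solaris x86. The Linux patch 119779 is not listed by `showrev`, so only the file check applies there.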


Modification History
Date: 12-DEC-2005
  • Updated Product field

Date: 21-DEC-2005
  • Added note to Contributing Factors section


References

119779-09
119778-09
119777-09



