Note: This is an archival copy of Security Sun Alert 201111 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000831.1.
Sun Java System Communications Services 6 Delegated Administrator 2005Q1
Date of Resolved Release
A Security Vulnerability in Communications Services Delegated Administrator 2005Q1 may allow a remote unauthorized user the ability to gain access to the Top-Level Administrator (TLA) default password.
This issue can occur in the following releases:
Note: Solaris 8 for the x86 platform is not affected by this issue.
To determine if Sun Java Communications Services Delegated Administrator 2005Q1 is installed on a system, the following command can be used:
% pkgparam -v SUNWcomis | grep SUNW_PRODVERS SUNW_PRODVERS=' 6.2-0.10'
There are no predictable symptoms that would indicate the described issue has been exploited.
To work around the described issue, remove the "configure_toplevel_admin.ldif" file in the "config" directory. This is used only during configuration and is not needed afterwards.
This issue is addressed in the following releases:
This solution has no attachment