Note: This is an archival copy of Security Sun Alert 201127 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000846.1.
Sun Java System Directory Server 5.2
Date of Resolved Release
A security vulnerability in Sun Java System Directory Server 5.2 may allow a local or remote user to gain unauthorized administrative access to the Directory Server by logging in to the Directory Server console.
This issue can occur in the following releases for all platforms (Solaris 8, Solaris 9, and Solaris 10 on Solaris SPARC and x86 Platforms, Linux, Windows, HP-UX, and AIX):
PatchZIP (Compressed Archive) versions:
And if the initial installation was Sun One Directory Server 5.2:
This issue depends on the version used for the initial installation of the Directory Server product. If the initial installation was made from an affected version, incorrect user data will have been written to a file created during installation of the administration server instance. Subsequent upgrades to an unaffected version of the product will not correct this; in that case the workaround described in the "Workaround/Resolution" section should still be applied.
There are no predictable symptoms that would indicate the described issue has occurred.
The administrative user password (set during first installation) must be manually changed and can be accomplished in one of two ways:
Using the command line, the following command can be run:
% <serverroot>/bin/admin/adminconfig -server <server>:<port> -user <adminuser>:<adminpassword> -setAdminPwd <new passwd>
Then check that <serverroot>/admin-serv/config/admpw has been changed by using a command such as 'ls(1)' to examine the file's modification time.
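As an added example (not part of the Sun Alert), the following POSIX shell wrapper runs the adminconfig command shown above and then confirms that admpw was actually rewritten, comparing both the modification time the alert tells you to check and a content checksum, so an unchanged file is not mistaken for a successful reset. The server root, host, port and credentials are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example: rotate the Directory Server admin password with adminconfig
# and verify that <serverroot>/admin-serv/config/admpw was really rewritten.

# Fingerprint admpw as "<mtime> <cksum> <bytes>". mtime alone has one-second
# granularity, so the content checksum is included as a second signal.
admpw_fingerprint() {
    _f=$1
    _mtime=$(stat -c %Y "$_f" 2>/dev/null || stat -f %m "$_f")
    printf '%s %s\n' "$_mtime" "$(cksum < "$_f")"
}

# Succeeds (exit 0) only when the two fingerprints differ.
admpw_changed() {
    [ "$1" != "$2" ]
}

# Usage: rotate_admin_password <serverroot> <host> <port> <adminuser> <adminpw> <newpw>
# All six arguments are placeholders for the values of the installation at hand.
rotate_admin_password() {
    serverroot=$1 host=$2 port=$3 adminuser=$4 adminpw=$5 newpw=$6
    admpw="$serverroot/admin-serv/config/admpw"
    [ -f "$admpw" ] || { echo "admpw not found at $admpw" >&2; return 2; }

    before=$(admpw_fingerprint "$admpw")
    # The command from the Sun Alert; the password is visible on the command
    # line (and in ps output) while it runs, so invoke it from an interactive shell.
    "$serverroot/bin/admin/adminconfig" -server "$host:$port" \
        -user "$adminuser:$adminpw" -setAdminPwd "$newpw" || return 1
    after=$(admpw_fingerprint "$admpw")

    if admpw_changed "$before" "$after"; then
        echo "admpw rewritten: $after"
        return 0
    fi
    echo "admpw unchanged ($before); the password was NOT reset" >&2
    return 1
}
```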
Please see the "Relief/Workaround" section above for the resolution to this issue.