Note: This is an archival copy of Security Sun Alert 242166 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019607.1.
Sun Java System Access Manager 7 2005Q4
Sun Java System Identity Manager 7.1
Sun Java System Access Manager 6.3 2005Q1
Date of Resolved Release
A security vulnerability in the Sun Java System Access Manager may allow unauthorized access to resources:
A security vulnerability in the Sun Java System Access Manager may allow unauthorized access to resources by revealing passwords to remote users who have privileges to access the administration console.
2. Contributing Factors
This issue can occur in the following releases:
To determine the version of Access Manager on a Solaris system, the following command can be run:
$ pkgparam SUNWamsvc VERSIONTo determine the version of Sun Java System Access Manager on other systems, the following command can be run (as the "root" user):
# <access-manager-install-dir>/bin/amadmin --version3. Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment