Note: This is an archival copy of Security Sun Alert 267568 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020934.1.
Article ID : 1020934.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-05-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

This Alert Covers CVE-2010-0894 for the Sun Java System Access Manager Product



Category
Security

Release Phase
Resolved

Bug Id
6872718, 6861920

Product
Sun Java System Access Manager 7.0
Sun Java System Access Manager 7.1
OpenSSO Enterprise 8.0

Date of Resolved Release
12-Apr-2010


1. Impact

This Alert covers CVE-2010-0894 for the Sun Java System Access Manager product.

CVE-2010-0894 can be found at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0894

Please see http://www.oracle.com/technology/deploy/security/alerts.htm for more information about Critical Patch Updates and Security Alerts. This publication relates to the CPU for April 2010.

2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform
  • Sun Java System Access Manager 7 2005Q4 (for Solaris 8, 9 and 10) without patch 120954-11
  • Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10) without patch 126356-04

x86 Platform
  • Sun Java System Access Manager 7 2005Q4 (for Solaris 9 and 10) without patch 120955-11
  • Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10) without patch 126357-04

Linux Platform
  • Sun Java System Access Manager 7 2005Q4 without patch 120956-11
  • Sun Java System Access Manager 7.1 without patch 126358-04

Windows Platform
  • Sun Java System Access Manager 7 2005Q4 without patch 124296-11
  • Sun Java System Access Manager 7.1 without patch 126359-04

HP-UX
  • Sun Java System Access Manager 7 2005Q4 without patch 126371-11

Other
  • Sun Java System Access Manager 7.1 WAR file-based installation (all supported platforms) without patch 140504-04
  • OpenSSO Enterprise 8.0 (for all supported platforms) without patch 141655-03

Notes:

1. The issue corresponding to bug 6861920 does not affect Sun Java System Access Manager 7 2005Q4 (7.0).

2. To determine if Sun Java System Access Manager is installed, the following command can be run on a Solaris system:

    % pkginfo -l SUNWamsvc || echo "Sun Java Access Manager not installed"
    PKGINST:  SUNWamsvc
    NAME:  Sun Java System Access Manager Services
    CATEGORY:  application
    ARCH:  all
    VERSION:  7.1,REV=06.12.19.15.12

3. To determine the version of Sun Java System Access Manager on other systems, the following command can be run:

    $ <access-manager-install-dir>/bin/amadmin --version
    Sun Java System Access Manager 7.1

(where <access-manager-install-dir> is the installation directory of Sun Java System Access Manager).

4. To determine the version of OpenSSO on other systems, the following command can be run:

    $ <tools-zip-root>/<deploy_uri>/bin/ssoadm --version
    OpenSSO Enterprise 8.0

(where <tools-zip-root> is the directory of the unzipped 'ssoAdminTools.zip' file and <deploy_uri> is the name of the OpenSSO Enterprise deployment URI. For example: opensso).

3. Symptoms


4. Workaround


5. Resolution

These issues are addressed in the following releases:

SPARC Platform
  • Sun Java System Access Manager 7 2005Q4 (for Solaris 8, 9 and 10) with patch 120954-11 or later
  • Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10) with patch 126356-04 or later

x86 Platform
  • Sun Java System Access Manager 7 2005Q4 (for Solaris 9 and 10) with patch 120955-11 or later
  • Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10) with patch 126357-04 or later

Linux Platform
  • Sun Java System Access Manager 7 2005Q4 with patch 120956-11 or later
  • Sun Java System Access Manager 7.1 with patch 126358-04 or later

Windows Platform
  • Sun Java System Access Manager 7 2005Q4 with patch 124296-11 or later
  • Sun Java System Access Manager 7.1 with patch 126359-04 or later

HP-UX
  • Sun Java System Access Manager 7 2005Q4 with patch 126371-11 or later

Other
  • OpenSSO Enterprise 8.0 (all supported platforms) with patch 141655-03 or later
  • Sun Java System Access Manager 7.1 WAR file-based installation (all supported platforms) with patch 140504-04 or later
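
Added example, not part of the original alert: a POSIX shell function that compares installed patch revisions against the "or later" minimums listed in the Resolution section. The "showrev -p" input layout, the function names and the sample listing are assumptions constructed for illustration.

```shell
# Minimum fixed patch IDs, copied from the Resolution section of the alert.
FIXED_PATCHES="120954-11 120955-11 120956-11 124296-11 126371-11 126356-04"
FIXED_PATCHES="$FIXED_PATCHES 126357-04 126358-04 126359-04 140504-04 141655-03"

# Reads a patch listing on stdin (assumed "showrev -p" layout, where each
# line starts "Patch: BASE-REV ...") and prints one verdict per alert patch.
# Returns 0 only if an alert patch is present and none is below its minimum.
check_alert_patches() {
    awk -v fixed="$FIXED_PATCHES" '
    BEGIN {
        n = split(fixed, ids, " ")
        for (i = 1; i <= n; i++) {
            split(ids[i], p, "-")
            base[i] = p[1]; need[p[1]] = p[2] + 0
        }
    }
    # Keep the highest installed revision of each patch named in the alert.
    $1 == "Patch:" && $2 ~ /^[0-9]+-[0-9]+$/ {
        split($2, p, "-")
        if ((p[1] in need) && p[2] + 0 > have[p[1]] + 0)
            have[p[1]] = p[2] + 0
    }
    END {
        for (i = 1; i <= n; i++) {
            b = base[i]
            if (!(b in have)) continue
            seen++
            if (have[b] >= need[b]) {
                printf "%s-%02d fixed\n", b, have[b]
            } else {
                printf "%s-%02d vulnerable (need %s-%02d or later)\n", b, have[b], b, need[b]
                bad++
            }
        }
        if (!seen) { print "no patch from this alert installed"; exit 1 }
        exit (bad > 0)
    }'
}

# Constructed sample listing (not real system output).
sample_showrev() {
    cat <<'EOF'
Patch: 118833-36 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 126356-02 Obsoletes: Requires: Incompatibles: Packages: SUNWamsvc
Patch: 126356-03 Obsoletes: Requires: Incompatibles: Packages: SUNWamsvc
EOF
}

sample_showrev | check_alert_patches || echo "action required"
```

On a Solaris host the function can be fed the real listing by piping the output of showrev -p into check_alert_patches. A result of "no patch from this alert installed" on a system where Access Manager or OpenSSO is present means the installation is at an affected patch level.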

