Note: This is an archival copy of Security Sun Alert 267568 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020934.1.
Sun Java System Access Manager 7.0
Sun Java System Access Manager 7.1
OpenSSO Enterprise 8.0
Date of Resolved Release
This Alert covers CVE-2010-0894 for the Sun Java System Access Manager product.
CVE-2010-0894 can be found at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0894
Please see http://www.oracle.com/technology/deploy/security/alerts.htm for more information about Critical Patch Updates and Security Alerts. This publication relates to the CPU for April 2010.
2. Contributing Factors
These issues can occur in the following releases:
1. The issue corresponding to bug 6861920 does not affect Sun Java System Access Manager 7 2005Q4 (7.0)
2. To determine if Sun Java System Access Manager is installed, the following command can be run on a Solaris system:
% pkginfo -l SUNWamsvc || echo "Sun Java Access Manager not installed"3. To determine the version of Sun Java System Access Manager on other systems, the following command can be run:
$ <access-manager-install-dir>/bin/amadmin --version(where <access-manager-install-dir> is the installation directory of Sun Java System Access Manager).
4. To determine the version of OpenSSO on other systems, the following command can be run:
$ <tools-zip-root>/<deploy_uri>/bin/ssoadm --version(where <tools-zip-root> is the directory of the unzipped 'ssoAdminTools.zip' file and <deploy_uri> is the name of the OpenSSO Enterprise deployment URI. For example: opensso)
These issues are addressed in the following releases:
This solution has no attachment