Note: This is an archival copy of Security Sun Alert 275790 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021793.1.
Date of Resolved Release
A Security Vulnerability Exists if an OpenSolaris System was Joined to a Windows Domain Using kclient(1M) or smbadm(1M)
An insecure default configuration security vulnerability exists in the way the Kerberos client utility (kclient(1M)) and the CIFS configuration utility (smbadm(1M)) join a Windows Active Directory domain.
2. Contributing Factors
This issue can occur in the following releases:
OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
There are no predictable symptoms that would indicate the described issue has occurred.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
For kclient(1M), an example would be:
$ kclient -T ms_adFor smbadm(1M), an example would be:
$ smbadm join -u administrator EXAMPLE.COMFor more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment