Note: This is an archival copy of Security Sun Alert 201127 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000846.1.
Article ID : 1000846.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-11-06
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Sun Java System Directory Server Related to Initial Installation Data

Category
Security

Release Phase
Resolved

Product
Sun Java System Directory Server 5.2

Bug Id
4927976

Date of Resolved Release
16-MAY-2006

Impact

A security vulnerability in Sun Java System Directory Server 5.2 may allow a local or remote user to gain unauthorized administrative access to the Directory Server by logging in to the Directory Server console.


Contributing Factors

This issue can occur in the following releases for all platforms (Solaris 8, Solaris 9, and Solaris 10 on Solaris SPARC and x86 Platforms, Linux, Windows, HP-UX, and AIX):

PatchZIP (Compressed Archive) versions:

  • Sun Java System Directory Server 5.2

And if the initial installation was Sun One Directory Server 5.2:

  • Sun Java System Directory Server 5.2 Patch2
  • Sun Java System Directory Server 5.2 Patch3
  • Sun Java System Directory Server 5.2 Patch4

Notes:

  1. This issue does not occur with the installation of Sun Java Directory Server 5 (2003Q4, 2004Q2, 2005Q1, 2005Q4) using native package installations.
  2. Sun ONE Directory Server 5.1 and earlier versions are not affected by this issue.
  3. The issue does not occur with a full (non-incremental) zip install of 5.2 Patch4. The full install is not available with Patch2 or Patch3, and as a result, these patch revisions are always affected.

This issue depends on the version that was used for the initial installation of the Directory Server product. If the initial installation was made from an affected version, the wrong user data will have been written into a file that was created during the installation of the administration server instance. Subsequent upgrades to an unaffected version of the product will not correct this issue. In that case the workaround described in the "Workaround" section should still be applied.


Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.


Workaround

The administrative user password (set during the first installation) must be changed manually, which can be done in one of two ways:

Administrative Console:

  1. Start the console and log in as "administrator" or "directory manager"
  2. Select "admin server"
  3. Select "user" tab
  4. Select "access" tab
  5. Set the new password

Or:

Using the command line, the following command can be run:

% <serverroot>/bin/admin/adminconfig -server <server>:<port> -user <adminuser>:<adminpassword> -setAdminPwd <new passwd>

Then check that <serverroot>/admin-serv/config/admpw has been changed by using a command such as 'ls(1)' to examine the file's modification time.
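The command-line variant of the workaround, together with the modification-time check, as an added shell example that is not part of the Sun Alert. It assumes the serverroot, host:port and credentials are supplied as arguments (placeholders in the final comment); note that the adminconfig invocation, as given in the advisory, passes the passwords on the command line, where they are visible in process listings on a shared host.

```shell
#!/bin/sh
# Added example, not from the advisory: rotate the Directory Server
# administrative password with adminconfig and confirm that
# <serverroot>/admin-serv/config/admpw was rewritten afterwards.

# Print a file's modification time in seconds since the epoch.
# Tries GNU stat first, then the BSD/macOS form.
file_mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# Return 0 if admpw under the given serverroot is newer than the
# recorded mtime, 1 if it is unchanged or cannot be read.
admpw_rotated() {
    serverroot=$1
    before=$2
    after=$(file_mtime "$serverroot/admin-serv/config/admpw") || return 1
    [ "$after" -gt "$before" ]
}

# Run adminconfig with the flags quoted in the advisory and verify the
# result. Arguments: serverroot host:port adminuser:adminpassword newpassword
rotate_admin_password() {
    serverroot=$1; server=$2; creds=$3; newpw=$4
    admpw="$serverroot/admin-serv/config/admpw"
    before=$(file_mtime "$admpw") || { echo "cannot read $admpw" >&2; return 1; }
    # mtime has one-second resolution; make sure the rewrite lands in a later second
    sleep 1
    "$serverroot/bin/admin/adminconfig" -server "$server" -user "$creds" \
        -setAdminPwd "$newpw" || return 1
    if admpw_rotated "$serverroot" "$before"; then
        echo "admpw rewritten: administrative password changed"
    else
        echo "admpw unchanged: password change did not take effect" >&2
        return 1
    fi
}

# Example invocation with placeholder values (serverroot, host, credentials are assumed):
# rotate_admin_password /opt/ds52 ldaphost.example.com:390 admin:OLDPW 'NEWPW'
```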


Resolution

Please see the "Workaround" section above for the resolution to this issue.

Attachments
This solution has no attachment