Note: This is an archival copy of Security Sun Alert 201933 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001430.1.
Article ID : 1001430.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-06-15
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Solaris 8 LDAP Clients May Log the Proxy Agent User's Password as Clear Text

Category
Security

Release Phase
Resolved

Product
Solaris 8 Operating System

Bug Id
4861279

Date of Resolved Release
18-JUL-2003

Impact

Local unprivileged users may be able to gain access to the password of the privileged proxy agent user on Solaris 8 systems configured as LDAP clients (see ldap(1)).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 with patch 108993-18 through 108993-20 and without patch 108993-21 or later

x86 Platform

  • Solaris 8 with patch 108994-18 through 108994-20 and without patch 108994-21 or later

This issue may only occur with Solaris 8 systems configured as LDAP clients.

To check if the system is configured as an LDAP client, use the following command:

    $ ldapclient -l
    NS_LDAP_FILE_VERSION= 1.0
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=blr03-01,dc=india,dc=sun,dc=com
    NS_LDAP_BINDPASSWD= {NS1}3d1a48e906c04161baa4
    NS_LDAP_SERVERS= 1XX.1XX.233.128
    NS_LDAP_SEARCH_BASEDN= dc=blr03-01,dc=india,dc=Sun,dc=COM
    NS_LDAP_AUTH= NS_LDAP_AUTH_SIMPLE
    NS_LDAP_SEARCH_REF= NS_LDAP_FOLLOWREF
    NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_ONELEVEL
    NS_LDAP_SEARCH_TIME= 30
    NS_LDAP_PROFILE= s8prof1

Notes:

  • Solaris 2.6, 7 and 9 are not affected
  • Patch 108994-21 was not issued for standard distribution

Symptoms

The password of the privileged proxy agent user may be sent to the syslog daemon (syslogd(1M)) and logged in clear text.


Workaround

To work around the described issue, edit the "/etc/syslog.conf" file and remove the "*.err;" selector from the "/var/adm/messages" line, so that the proxy agent user's password is no longer logged there.

Change:

    *.err;kern.debug;mail.crit     /var/adm/messages

to

    kern.debug;mail.crit     /var/adm/messages

Note: Removing the "*.err;" selector from the "/etc/syslog.conf" file will result in error-level messages from all other facilities no longer being logged to "/var/adm/messages". See the syslog.conf(4) man page for more details.
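As an added check, not part of the Sun Alert, the following script combines the two conditions above: an affected revision of the kernel patch installed (per "Contributing Factors") and a syslog.conf rule that still routes *.err to a file. The affected revision numbers and the *.err selector come from the alert; the `showrev -p` line layout and all sample data are assumptions constructed for the example.

```shell
# Added example, not part of the Sun Alert. Decides whether a Solaris 8 host
# is exposed to bug 4861279 from the output of `showrev -p` and the contents
# of /etc/syslog.conf. Affected revisions and the *.err selector are from the
# alert; the showrev line layout and all sample data are constructed.

# Exit 0 when revision 18-20 of patch $1 (108993 SPARC, 108994 x86) is
# installed and no revision 21 or later is. Reads `showrev -p` on stdin.
affected_revision() {
    awk -v pid="$1" '
        $1 == "Patch:" && split($2, p, "-") == 2 && p[1] == pid {
            rev = p[2] + 0
            if (rev >= 18 && rev <= 20) bad = 1
            if (rev >= 21) fixed = 1
        }
        END { if (bad && !fixed) exit 0; exit 1 }'
}

# Exit 0 when a syslog.conf rule selects *.err and writes to a file under
# /var (e.g. /var/adm/messages), where the clear-text proxy password would
# land. Reads syslog.conf on stdin; comments and blank lines are skipped.
syslog_logs_err_to_file() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $NF ~ /^\/var\// {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) if (sel[i] == "*.err") found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

# assess PATCHID SHOWREV_OUTPUT SYSLOG_CONF: prints a verdict, exits 0 only
# when both conditions hold (unpatched and *.err routed to a file).
assess() {
    unpatched=1; logs_err=1
    printf '%s\n' "$2" | affected_revision "$1" && unpatched=0
    printf '%s\n' "$3" | syslog_logs_err_to_file && logs_err=0
    [ $unpatched -eq 0 ] && p="$1 at affected revision" || p="$1 fixed or absent"
    [ $logs_err -eq 0 ] && s="*.err logged to a file" || s="*.err not logged to a file"
    if [ $unpatched -eq 0 ] && [ $logs_err -eq 0 ]; then echo "EXPOSED: $p; $s"; return 0; fi
    echo "not exposed: $p; $s"; return 1
}

# Constructed sample data (not captured from a real host).
SAMPLE_SHOWREV='Patch: 108993-20 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsl'
SAMPLE_SYSLOG='#ident "@(#)syslog.conf"
*.err;kern.notice;auth.notice    /dev/sysmsg
*.err;kern.debug;mail.crit       /var/adm/messages'
# Live use on a host: assess 108993 "$(showrev -p)" "$(cat /etc/syslog.conf)"
assess 108993 "$SAMPLE_SHOWREV" "$SAMPLE_SYSLOG"
```

Run it only on hosts that `ldapclient -l` reports as LDAP clients, since the alert applies to those alone; after applying the workaround, syslogd(1M) must reread its configuration before the change takes effect.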


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 108993-21 or later

x86 Platform

  • Solaris 8 with patch 108994-21 or later


Modification History

References

108993-22
108994-22
