|
Sun Java System Communications Services Delegated Administrator Password Disclosure
|
|
Secunia Advisory:
|
SA17889
|
|
|
Release Date:
|
2005-12-06
|
|
Popularity:
|
5,522 views
|
|
|
Critical:
|
 Not critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Sun Java System Messaging Server 6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
Description: A weakness has been reported in Sun Java System Messaging Server, which can be exploited by malicious people to disclose potentially sensitive information.
The weakness is caused due to an unspecified error in the Communications Services Delegated Administrator. This can be exploited by unauthorised users to gain access to the Top-Level Administrator (TLA) default password.
The weakness has been reported in Sun Java System Communications Services 6 Delegated Administrator 2005Q1.
Solution: Apply patch.
-- SPARC Platform --
Sun Java System Communications Services 6 Delegated Administrator 2005Q1:
Apply patch 119777-09 or later (for Solaris 8, 9, and 10).
-- x86 Platform --
Sun Java System Communications Services 6 Delegated Administrator 2005Q1:
Apply patch 119778-09 or later (for Solaris 8, 9, and 10).
-- Linux Platform --
Sun Java System Communications Services 6 Delegated Administrator 2005Q1:
Apply patch 119779-09 or later (for RHEL2.1 and RHEL3.0).
Note: The vendor recommends deleting the "configure_toplevel_admin.ldif" file in the "config" directory as a workaround. This file is used only during configuration and is not needed later.
Provided and/or discovered by: Reported by vendor.
Original Advisory: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102068-1
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|