SecurityTracker.com
Category:   Application (Security)  >   Sun Java System Access Manager
Vendors:   Sun
Sun Java System Access Manager Discloses Passwords to Remote Authenticated Administrative Users
SecurityTracker Alert ID:  1021605
SecurityTracker URL:  http://securitytracker.com/id/1021605
CVE Reference:   CVE-2009-0170
Updated:  Feb 9 2009
Original Entry Date:  Jan 15 2009
Impact:   Disclosure of authentication information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.3 2005Q1, 7 2005Q4
Description:   A vulnerability was reported in Sun Java System Access Manager. A remote authenticated administrative user can view certain passwords.

Certain configuration items visible via the administration console may reveal passwords. A remote authenticated user with privileges to access the administration console can view passwords that allow the user to gain unauthorized access to resources.

Sun Java System Identity Manager 7.1 is also affected.

Impact:   A remote authenticated administrative user can view certain passwords.
Solution:   The vendor has issued a fix.

SPARC Platform

* Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10) with patch 126356-02 or later
* Sun Java System Access Manager 7 2005Q4 (for Solaris 8, 9 and 10) with patch 120954-08 or later
* Sun Java System Access Manager 6.3 2005Q1 (for Solaris 8, 9 and 10) with patch 119465-15 or later

x86 Platform

* Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10) with patch 126357-02 or later
* Sun Java System Access Manager 7 2005Q4 (for Solaris 9 and 10) with patch 120955-08 or later
* Sun Java System Access Manager 6.3 2005Q1 (for Solaris 8, 9 and 10) with patch 119465-15 or later

Linux Platform

* Sun Java System Access Manager 7.1 with patch 126358-02 or later
* Sun Java System Access Manager 7 2005Q4 with patch 120956-08 or later
* Sun Java System Access Manager 6.3 2005Q1 with patch 119502-15 or later

Windows Platform

* Sun Java System Access Manager 7.1 with patch 126359-02 or later
* Sun Java System Access Manager 7 2005Q4 with patch 124296-08 or later

HP-UX

* Sun Java System Access Manager 7 2005Q4 with patch 126371-08 or later

Other

* Sun Java System Access Manager 7.1 WAR file-based installation (all platforms) with patch 140504-02 or later

The vendor's advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-242166-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-242166-1
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.

