TITLE: Sun Solaris LDAP2 Client Commands Security Issue SECUNIA ADVISORY ID: SA19638 VERIFY ADVISORY: http://secunia.com/advisories/19638/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system OPERATING SYSTEM: Sun Solaris 8 http://secunia.com/product/94/ Sun Solaris 9 http://secunia.com/product/95/ DESCRIPTION: A security issue has been reported in Sun Solaris, which can be exploited by malicious, local users to gain knowledge of sensitive information. The problem is that the Directory Server rootDN (Distinguished Name) password may be disclosed to local users when a privileged users runs the idsconfig command or certain LDAP commands (ldapadd, ldapdelete, ldapmodify, ldapmodrdn, and ldapsearch). SOLUTION: Apply patches. -- SPARC Platform -- Solaris 8: Apply patch 108993-51 or later. Solaris 9: Apply patch 115677-02 or later and 121321-01 or later. -- x86 Platform -- Solaris 8: Apply patch 108994-51 or later. Solaris 9: Apply patch 115678-02 or later and 121322-01 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Michael Gerdts. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102113-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------