Sun Solaris LDAP2 client command password disclosure

solaris-ldap2-password-disclosure (25747) The risk level is classified as Medium Risk

Description:

Sun Solaris could allow a local attacker to obtain sensitive information because the LDAP2 client commands handle the bind password insecurely. If a privileged user executes the idsconfig(1M), ldapadd(1), ldapdelete(1), ldapmodify(1), ldapmodrdn(1) or ldapsearch(1) command, the Directory Server rootDN password could be disclosed to other local users. An attacker could use this password to gain unauthorized access to the Directory Server.

Consequences:

Obtain Information

Remedy:

Refer to Sun Alert ID: 102113 for patch or suggested workaround information. See References.

References:

  • Sun Alert ID: 102113: Security Vulnerability in LDAP2 Client Commands.
  • ASA-2006-122: Sun Alert Notifications from Sun Weekly Report dated April 15 2006
  • BID-17479: Sun Solaris LDAP2 RootDN Password Disclosure Vulnerability
  • CVE-2006-1782: Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or insecurely runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.
  • OSVDB ID: 24563: Solaris LDAP2 idsconfig rootDN Password Local Disclosure
  • OSVDB ID: 24564: Solaris LDAP2 ldapadd rootDN Password Local Disclosure
  • OSVDB ID: 24565: Solaris LDAP2 ldapdelete rootDN Password Local Disclosure
  • OSVDB ID: 24566: Solaris LDAP2 ldapmodify rootDN Password Local Disclosure
  • OSVDB ID: 24567: Solaris LDAP2 ldapmodrdn rootDN Password Local Disclosure
  • OSVDB ID: 24568: Solaris LDAP2 ldapsearch rootDN Password Local Disclosure
  • SA19638: Sun Solaris LDAP2 Client Commands Security Issue
  • SA21493: Avaya CMS / IR Sun Solaris LDAP2 and "sh" Vulnerabilities
  • SECTRACK ID: 1015903: Sun Solaris LDAP Client May Disclose RootDN Password to Local Users
  • VUPEN/ADV-2006-1334: Sun Solaris LDAP2 Commands Directory Server rootDN Password Disclosure

Platforms Affected:

  • Sun Solaris 8 x86
  • Sun Solaris 8 SPARC
  • Sun Solaris 9 x86
  • Sun Solaris 9 SPARC

Reported:

Apr 11, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net