Sun patches Java System LDAP JDK
Sun Microsystems has reported a security problem with its Java System LDAP Java Development Kit. The problem allows local unprivileged users to gain to access unauthorised information when using applications built with the LDAP JDK. The problem is caused by a flaw in the search feature of the LDAP JDK.
According to the vendor, the hole can be exploited in LDAP JDK 4.19 for Sun Java System Access Manager 7 2005Q4, 7.1 and 6 2005Q1 (each for Solaris 8,9 and 10 as well as Red Hat Enterprise Linux 2.1). The problem also affects LDAP JDK 4.19 for HP-UX and Windows. Patches for the respective platforms resolve the vulnerability.