Vulnerability allows unauthorized administrative access in Sun Java System Directory Server
Sun Microsystems has warned in a security advisory of a vulnerability in Java System Directory Server that could allow unprivileged users to gain administrative access to the server. The vulnerability is caused by the server incorrectly classifying a connection based on the bind-dn criteria, resulting in an incorrect policy being applied.
The problem affects Java System Directory Server 6.0, 6.1 and 6.2 on all supported platforms. The advisory claims that Version 5.2 is not affected. Sun has provided updates to Version 6.3, which resolve the issue. Administrators should apply this update as soon as possible.
See also:
- Security Vulnerability in Sun Java System Directory Proxy Server May Grant Unauthorized Administrative Access, Sun security advisory
(mba)