ID: 01080
Ref: 1014/2005
Date: 12 December 2005:15:13:16
Version: 1
Title: Three Sun Microsystems Advisories:
Abstract:
Vendors affected: Sun
Operating systems affected: Sun
Applications affected: Sun
Title
=====
Three Sun Microsystems Advisories:
1. Security Vulnerability in Sun Java System Communications
Services 6 Delegated Administrator 2005Q1
2. Security Vulnerability With Sun Java System Application
Server Reverse SSL Proxy Plugin
3. Solaris 10 Sun Update Connection Web Proxy Password
Disclosure Vulnerability
Detail
======
1. A Security Vulnerability in Communications Services Delegated
Administrator 2005Q1 may allow a remote unauthorized user the ability
to gain access to the Top-Level Administrator (TLA) default password.
2. A security vulnerability exists in the Proxy Plug-in for certain Sun
ONE and Java System Application Server products when the plug-in is
used with a supported web server, such as Sun Java System Web Server,
Apache Web Server or Microsoft Internet Information Server (IIS). This
vulnerability may allow a "Man-in-the-Middle" condition to be
exploited and possibly compromise data privacy between the client and
the server.
3. On Solaris 10 with Sun Update Connection Services, a web proxy password
may be visible to unauthorized local users on the affected system and
also in the web proxy log files at the web proxy server. In addition,
this issue prevents Sun Update Connection from authenticating to the
web proxy server.
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
ESB-2005.0966 -- [Solaris]
Security Vulnerability in Sun Java System Communications
Services 6 Delegated Administrator 2005Q1
7 December 2005
===========================================================================
Product: Sun Java System Messaging Server 6 2005Q1
Publisher: Sun Microsystems
Operating System: Solaris 8, 9 and 10
Impact: Administrator Compromise
Access: Remote/Unauthenticated
Original Bulletin:
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102068-1
- - --------------------------BEGIN INCLUDED TEXT--------------------
Sun(sm) Alert Notification
* Sun Alert ID: 102068
* Synopsis: Security Vulnerability in Sun Java System Communications
Services 6 Delegated Administrator 2005Q1
* Category: Security
* Product: Sun Java System Messaging Server 6 2005Q1
* BugIDs: 6318966
* Avoidance: Patch, Workaround
* State: Resolved
* Date Released: 05-Dec-2005
* Date Closed: 05-Dec-2005
* Date Modified:
1. Impact
A Security Vulnerability in Communications Services Delegated
Administrator 2005Q1 may allow a remote unauthorized user the ability
to gain access to the Top-Level Administrator (TLA) default password.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* Sun Java System Communications Services 6 Delegated Administrator
2005Q1 (for Solaris 8, 9, and 10) without patch 119777-09
x86 Platform
* Sun Java System Communications Services 6 Delegated Administrator
2005Q1 (for Solaris 8, 9, and 10) without patch 119778-09
Linux Platform
* Sun Java System Communications Services 6 Delegated Administrator
2005Q1 (for RHEL2.1 and RHEL3.0) without patch 119779-09
To determine if Sun Java Communications Services Delegated
Administrator 2005Q1 is installed on a system, the following command
can be used:
% pkgparam -v SUNWcomis | grep SUNW_PRODVERS
SUNW_PRODVERS=' 6.2-0.10'
3. Symptoms
There are no predictable symptoms that would indicate the described
issue has been exploited.
4. Relief/Workaround
To work around the described issue, remove the
"configure_toplevel_admin.ldif" file in the "config" directory. This
is used only during configuration and is not needed afterwards.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Sun Java System Communications Services 6 Delegated Administrator
2005Q1 (for Solaris 8, 9, and 10) with patch 119777-09 or later
x86 Platform
* Sun Java System Communications Services 6 Delegated Administrator
2005Q1 (for Solaris 8, 9, and 10) with patch 119778-09 or later
Linux Platform
* Sun Java System Communications Services 6 Delegated Administrator
2005Q1 (for RHEL2.1 and RHEL3.0) with patch 119779-09 or later
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2005 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved
- - --------------------------END INCLUDED TEXT--------------------
iQCVAwUBQ5ZAOyh9+71yA2DNAQJTSgP5ARVCSbFDwS68gADQ4wndFeXWZTokReAF
qHgUbrJNEMku50MuCONwxkKSwPPu6YzAoBche+u6WMa7x8qNIWs7AMWfS047drcy
SgK4bpIX91splkg1VdSBA1Mscxr+pFXq8mN9nMkOMA+ZQ7+6u7qPBdiUbBKtRTaa
/fd/YdSS7HY=
=BenT
- -----END PGP SIGNATURE-----
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
ESB-2005.0967 -- [Win][Linux][Solaris]
Security Vulnerability With Sun Java System Application
Server Reverse SSL Proxy Plugin
7 December 2005
===========================================================================
Product: Sun Java System Application Server Standard 7 2004Q2
Sun ONE Application Server 7 Standard
Sun Java System Application Server Enterprise 8.1 2005Q1
Publisher: Sun Microsystems
Operating System: Solaris
Linux variants
Windows
Impact: Access Confidential Data
Access: Remote/Unauthenticated
Original Bulletin:
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102012-1
- - --------------------------BEGIN INCLUDED TEXT--------------------
Sun(sm) Alert Notification
* Sun Alert ID: 102012
* Synopsis: Security Vulnerability With Sun Java System Application
Server Reverse SSL Proxy Plugin
* Category: Security
* Product: Sun Java System Application Server Standard Edition 7
2004Q2, Sun ONE Application Server 7, Standard Edition, Sun Java
System Application Server Enterprise Edition 8.1 2005Q1
* BugIDs: 6210327
* Avoidance: Patch, Upgrade
* State: Resolved
* Date Released: 05-Dec-2005
* Date Closed: 05-Dec-2005
* Date Modified:
1. Impact
A security vulnerability exists in the Proxy Plug-in for certain Sun
ONE and Java System Application Server products when the plug-in is
used with a supported web server, such as Sun Java System Web Server,
Apache Web Server or Microsoft Internet Information Server (IIS). This
vulnerability may allow a "Man-in-the-Middle" condition to be
exploited and possibly compromise data privacy between the client and
the server.
Note: Though not impossible, it will be difficult to carry out this
exploit from outside the firewall in front of the web server.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* Sun ONE Application Server 7
* Sun Java System Application Server 7 2004Q2
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
without (file-based) patch 119169-03 or (SVR4) patch
119166-11
x86 Platform
* Sun ONE Application Server 7
* Sun Java System Application Server 7 2004Q2
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
without (file based) patch 119170-03 or (SVR4) patch
119167-11
LINUX Platform
* Sun ONE Application Server 7
* Sun Java System Application Server 7
* Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
without (file based) patch 119171-04
* Sun Java System Application Server Enterprise Edition 8.1 2005Q1
with RHEL2.1/RHEL3.0 (Pkg_patch) 119168-12 or later
Windows Platform
* Sun ONE Application Server 7
* Sun Java System Application Server 7
Note: The "Platform Editions" of the above Application Server versions are
not affected by this issue.
To determine the version of Sun Java System Application Server, the
following command can be run:
$ <install_dir>/bin/asadmin version --verbose
Unable to communicate with admin server, getting version locally.
Version = Sun Java System Application Server Enterprise Edition 8.1
(build b43-fcs)
Command version executed successfully.
(Where <install_dir> is the installation directory of the Application
Server; the placeholder name is supplied here because the original
markup was lost in extraction)
3. Symptoms
There are no reliable symptoms that would indicate the described issue
has occurred.
4. Relief/Workaround
There is no workaround for this issue. Please see the Resolution
section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Sun ONE Application Server 7 Update 7 or later
* Sun Java System Application Server 7 2004Q2 Update 3 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005Q1
with (file based) patch 119169-03 or later
x86 Platform
* Sun ONE Application Server 7 Update 7 or later
* Sun Java System Application Server 7 2004Q2 Update 3 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005Q1
with (file based) patch 119170-03 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005Q1
with (SVR4) patch 119167-11 or later
Linux Platform
* Sun ONE Application Server 7 Update 7 or later
* Sun Java System Application Server 7 2004Q2 Update 3 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005Q1
with (file based) patch 119171-04 or later
* Sun Java System Application Server Enterprise Edition 8.1 2005Q1
with RHEL2.1/RHEL3.0 (Pkg_patch) 119168-12 or later
Windows Platform
* Sun ONE Application Server 7 Update 7 or later
* Sun Java System Application Server 7 2004Q2 Update 3 or later
- - --------------------------END INCLUDED TEXT--------------------
iQCVAwUBQ5ZCEih9+71yA2DNAQLWEgP/VoG87x5mJwEvXQ/pwbMVxtCqkdnjJmCq
Z/8ulUdbqq4xm9cJvkMU4hTuB5oovxyaAkrsukuXglogiZf3pV6ukppp+K/t9n+F
IYbxBlhgTx6JzRftfPfjmabRJDYd+ww/wtPcHnACkC2sVjPe40cMPevY3pwPybgI
S+gOpcFnROA=
=kBiE
- -----END PGP SIGNATURE-----
3.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
ESB-2005.0972 -- [Solaris]
Solaris 10 Sun Update Connection Web Proxy Password
Disclosure Vulnerability
9 December 2005
===========================================================================
Product: Sun Update Connection Services
Publisher: Sun Microsystems
Operating System: Solaris 10
Impact: Inappropriate Access
Denial of Service
Access: Existing Account
Original Bulletin:
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102090-1
- - --------------------------BEGIN INCLUDED TEXT--------------------
Sun(sm) Alert Notification
* Sun Alert ID: 102090
* Synopsis: Solaris 10 Sun Update Connection Web Proxy Password
Disclosure Vulnerability
* Category: Security
* Product: Sun Update Connection Services, Solaris 10 Operating
System
* BugIDs: 6304563
* Avoidance: Patch
* State: Resolved
* Date Released: 07-Dec-2005
* Date Closed: 07-Dec-2005
* Date Modified:
1. Impact
On Solaris 10 with Sun Update Connection Services, a web proxy password
may be visible to unauthorized local users on the affected system and
also in the web proxy log files at the web proxy server. In addition,
this issue prevents Sun Update Connection from authenticating to the
web proxy server.
Sun acknowledges with thanks Nicholas Brealey of Culham
Electromagnetics and Lightning for bringing this issue to our
attention.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* Solaris 10 with patches 119107-01 through 119107-03 and without
patch 119107-04
x86 Platform
* Solaris 10 with patches 119108-01 through 119108-03 and without
patch 119108-04
Note: This issue occurs only when Sun Update Connection is configured
to use a web proxy with password authentication enabled.
3. Symptoms
Sun Update Connection with proxy authentication enabled does not work.
Password may be visible in web proxy log files.
4. Relief/Workaround
There is no workaround for this issue. Please see the Resolution
section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 10 with patch 119107-04 or later
x86 Platform
* Solaris 10 with patch 119108-04 or later
Note: Your web proxy password may have been compromised. It is
advisable to change your web proxy password.
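All three alerts above express exposure in terms of Sun patch revisions: alerts 1 and 2 say a system is affected "without patch NNNNNN-RR" (no revision at all, or an older one), while alert 3 says only revisions 119107-01 through 119107-03 are affected and a system with no revision of that patch is out of scope. The following POSIX shell script is an added example, not part of the Sun Alerts or of any Sun tool; it classifies a required patch ID against `showrev -p` output (the sample block is constructed in that output's shape, since the real text comes from running `showrev -p` on the Solaris host) and applies the two different "affected" rules. The function names and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Sun's code): triage the three Sun Alerts by patch revision.
# On a real Solaris host replace SAMPLE_SHOWREV with: showrev_text=$(showrev -p)

# Constructed sample in the shape of `showrev -p` output. It models a SPARC host
# that has 119107 at revisions 02 and 03 (affected by alert 3, Sun Alert 102090)
# and 119777-09 (fixed for alert 1, Sun Alert 102068).
SAMPLE_SHOWREV='Patch: 119107-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWbrg
Patch: 119107-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWbrg
Patch: 119777-09 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcomis'

# patch_state PATCHID SHOWREV_TEXT
#   PATCHID is the revision the alert requires, e.g. 119107-04.
#   Prints one of:
#     absent  - no revision of this patch base is installed
#     below   - installed, but the newest revision is older than required
#     ok      - the required revision or a later one is installed
patch_state() {
  printf '%s\n' "$2" | awk -v want="$1" '
    BEGIN { split(want, w, "-"); base = w[1]; req = w[2] + 0; best = -1 }
    # Each showrev -p line starts with "Patch: <base>-<rev>"; keep the highest
    # revision seen for the base we care about.
    $1 == "Patch:" {
      split($2, p, "-")
      if (p[1] == base && p[2] + 0 > best) best = p[2] + 0
    }
    END {
      if (best < 0) print "absent"
      else if (best < req) print "below"
      else print "ok"
    }'
}

# Rule used by alerts 1 and 2 ("without patch X"): anything other than the
# required revision or later means the fix is missing.
needs_patch() {
  case $(patch_state "$1" "$2") in
    ok) echo no ;;
    *)  echo yes ;;
  esac
}

# Rule used by alert 3 ("with patches X-01 through X-03 and without X-04"):
# only an installed-but-older revision is affected; no revision at all means
# the affected component is not present.
affected_range() {
  case $(patch_state "$1" "$2") in
    below) echo yes ;;
    *)     echo no ;;
  esac
}

# Stand-alone report over the constructed sample.
report() {
  showrev_text=$1
  echo "Alert 102068 (Delegated Admin, SPARC) needs 119777-09: $(needs_patch 119777-09 "$showrev_text")"
  echo "Alert 102012 (App Server 8.1, SPARC) needs 119169-03: $(needs_patch 119169-03 "$showrev_text")"
  echo "Alert 102090 (Update Connection, SPARC) affected:     $(affected_range 119107-04 "$showrev_text")"
}

report "$SAMPLE_SHOWREV"
```

The output of `showrev -p` lists every installed revision of a patch, so the highest revision is the one that matters; the awk block keeps that maximum and compares it numerically, which handles the zero-padded revisions in the alerts (`-09`, `-04`) without any octal surprises in shell arithmetic.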
- - --------------------------END INCLUDED TEXT--------------------
iQCVAwUBQ5jeKyh9+71yA2DNAQJusAQAklxYFTZKqAxu3T8oZyoAfKC9hnUVB6e/
upVf4zCdyCme3y/FiPKDzgfYcC0u44RTFEi97xIbtCEwzUkW4JgeiHjQad/INkLL
m/6T3jIeQHwDZKfIbuGIUPP2JbToZY1/GRlgOfJXY6nG9bRPtaC5lv/eKANDHFsn
YLInc0XnJc4=
=OXGD
- -----END PGP SIGNATURE-----