Board logo

标题: Sun Java System Access Manager Debug文件信息泄露 [打印本页]
作者: pioneer     时间: 2009-11-23 16:59    标题: Sun Java System Access Manager Debug文件信息泄露

来源

secunia.com

软件名

Sun Java System Access Manager 6.x
Sun Java System Access Manager 7.x
Sun OpenSSO Enterprise 8.x

描述

应用程序在debug文件中储存清除的文本密码时如果AMConfig.properties配置文件中的"com.iplanet.services.debug.level"属性设为"message"的话,这就会导致Sun Java System Access Manager管理的用户认证被非授权访问。
该漏洞在Sun Java System Access Manager 6 2005Q1, 7 2005Q4, 7.1,和OpenSSO Enterprise 8.0中已经报告

解决方案

应用补丁
-- SPARC Platform --

Sun Java System Access Manager 6.3 2005Q1 (for Solaris 8, 9 and 10):
应用补丁119465-16 或最新.
http://sunsolve.sun.com/search/d ... id:1-21-119465-16-1

Sun Java System Access Manager 7.0 2005Q4 (for Solaris 8, 9 and 10):
应用补丁120954-10或最新.
http://sunsolve.sun.com/search/d ... id:1-21-120954-10-1

Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10):
应用补丁 126356-03或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126356-03-1

-- x86 Platform --

Sun Java System Access Manager 6.3 2005Q1 (for Solaris 8, 9 and 10):
应用补丁 119465-16或最新.
http://sunsolve.sun.com/search/d ... id:1-21-119465-16-1

Sun Java System Access Manager 7.0 2005Q4 (for Solaris 9 and 10):
应用补丁 120955-10 或最新
http://sunsolve.sun.com/search/d ... id:1-21-120955-10-1

Sun Java System Access Manager 7.1 (for Solaris 8, 9 and 10):
应用补丁126357-03或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126357-03-1

-- Linux --

Sun Java System Access Manager 6.3 2005Q1:
应用补丁 119502-16或最新.
http://sunsolve.sun.com/search/d ... id:1-21-119502-16-1

Sun Java System Access Manager 7.0 2005Q4:
应用补丁 120956-10或最新.
http://sunsolve.sun.com/search/d ... id:1-21-120956-10-1

Sun Java System Access Manager 7.1:
应用补丁 126358-03或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126358-03-1

-- Windows --

Sun Java System Access Manager 7.0 2005Q4:
应用补丁124296-10 或最新.
http://sunsolve.sun.com/search/d ... id:1-21-124296-10-1

Sun Java System Access Manager 7.1:
应用补丁 126359-03或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126359-03-1

-- HP-UX --

Sun Java System Access Manager 7.0 2005Q4:
应用补丁 126371-10或最新.
http://sunsolve.sun.com/search/d ... id:1-21-126371-10-1

-- Other --

Sun Java System Access Manager 7.1 WAR file-based installation (all
platforms):
应用补丁 140504-03 或最新.
http://sunsolve.sun.com/search/d ... id:1-21-140504-03-1

OpenSSO Enterprise 8.0 (for all supported platforms):
应用补丁141655-01 或最新
http://sunsolve.sun.com/search/d ... id:1-21-141655-01-1



欢迎光临 微点交流论坛 (http://bbs.micropoint.com.cn/) bbs.micropoint.com.cn