TITLE: Sun Java System Communications Services Delegated Administrator Password Disclosure SECUNIA ADVISORY ID: SA17889 VERIFY ADVISORY: http://secunia.com/advisories/17889/ CRITICAL: Not critical IMPACT: Exposure of sensitive information WHERE: >From local network SOFTWARE: Sun Java System Messaging Server 6.x http://secunia.com/product/4225/ DESCRIPTION: A weakness has been reported in Sun Java System Messaging Server, which can be exploited by malicious people to disclose potentially sensitive information. The weakness is caused due to an unspecified error in the Communications Services Delegated Administrator. This can be exploited by unauthorised users to gain access to the Top-Level Administrator (TLA) default password. The weakness has been reported in Sun Java System Communications Services 6 Delegated Administrator 2005Q1. SOLUTION: Apply patch. -- SPARC Platform -- Sun Java System Communications Services 6 Delegated Administrator 2005Q1: Apply patch 119777-09 or later (for Solaris 8, 9, and 10). -- x86 Platform -- Sun Java System Communications Services 6 Delegated Administrator 2005Q1: Apply patch 119778-09 or later (for Solaris 8, 9, and 10). -- Linux Platform -- Sun Java System Communications Services 6 Delegated Administrator 2005Q1: Apply patch 119779-09 or later (for RHEL2.1 and RHEL3.0). Note: The vendor recommends deleting the "configure_toplevel_admin.ldif" file in the "config" directory as a workaround. This file is used only during configuration and is not needed later. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102068-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------