SecurityTracker.com
Category:  Application (Web Server/CGI)  >  Sun ONE Application Server
Vendors:  Sun
Sun ONE Application Server LDAP Authentication Flaw May Yield Remote Access
SecurityTracker Alert ID:  1007073
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Jun 27 2003
Impact:  User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.0 Platform Edition, 7.0 Standard Edition
Description:  An authentication vulnerability was reported in the Sun ONE Application Server. A remote user may be able to gain access without properly authenticating.

Sun reported that the server may incorrectly validate user authentication information when using LDAP.

Sun credits Subhajit Mitra of The Product Development Company (http://www.ptc.com) with reporting this flaw.

Impact:  A remote user may be able to authenticate to the application server without supplying correct authentication credentials.
Solution:  Sun has issued the following fixes:

For Windows and Solaris platforms:

* Sun ONE Application Server 7.0 Update Release 1 and later

For the Linux platform:

* Sun ONE Application Server 7.0.0_00 and later

The fixes are available at:

http://wwws.sun.com/software/download/products/3e3af96b.html

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55460
Cause:  Authentication error
Underlying OS:  Linux (Red Hat), Linux (Sun), UNIX (Solaris - SunOS), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents

Date:  Fri, 27 Jun 2003 08:32:10 -0400
Subject:  Sun ONE Application Server May Incorrectly Validate User Authentication

 

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55460

Sun Alert 55460:  Sun ONE Application Server May Incorrectly Validate User Authentication 
Information With LDAP

Sun reported a vulnerability in the Sun ONE Application Server.  The server may 
incorrectly validate user authentication information when using LDAP.

Sun credits Subhajit Mitra of The Product Development Company (http://www.ptc.com) with 
reporting this flaw.

Sun ONE Application Server 7.0 Platform Edition and Standard Edition versions are affected.

Sun has issued the following fixes:

For Windows and Solaris platform:

     * Sun ONE Application Server 7.0 Update Release 1 and later

For Linux platform:

     * Sun ONE Application Server 7.0.0_00 and later

The fixes are available at:

http://wwws.sun.com/software/download/products/3e3af96b.html

-----

     * Sun Alert ID: 55460
     * Synopsis: Sun ONE Application Server May Incorrectly Validate User Authentication 
Information With LDAP
     * Category: Security
     * Product: Sun ONE Application Server
     * BugIDs: 4836906, 4838330
     * Avoidance: Upgrade
     * State: Resolved
     * Date Released: 24-Jun-2003
     * Date Closed: 24-Jun-2003
     * Date Modified:




 



Copyright 2002, SecurityGlobal.net LLC