A Security Vulnerability in Communications Services Delegated Administrator 2005Q1 may allow a remote unauthorized user the ability to gain access to the Top-Level Administrator (TLA) default password.

This issue can occur in the following releases:

SPARC Platform

• Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for Solaris 8, 9, and 10) without patch 119777-09

x86 Platform

• Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for Solaris 8, 9, and 10) without patch 119778-09

Linux Platform

• Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for RHEL2.1 and RHEL3.0) without patch 119779-09

Note: Solaris 8 for the x86 platform is not affected by this issue.

To determine if Sun Java Communications Services Delegated Administrator 2005Q1 is installed on a system, the following command can be used:

    % pkgparam -v SUNWcomis  | grep SUNW_PRODVERS
    SUNW_PRODVERS=' 6.2-0.10'

There are no predictable symptoms that would indicate the described issue has been exploited.

To work around the described issue, remove the "configure_toplevel_admin.ldif" file in the "config" directory. This is used only during configuration and is not needed afterwards.

This issue is addressed in the following releases:

SPARC Platform

• Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for Solaris 8, 9, and 10) with patch 119777-09 or later

x86 Platform

• Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for Solaris 8, 9, and 10) with patch 119778-09 or later

Linux Platform

• Sun Java System Communications Services 6 Delegated Administrator 2005Q1 (for RHEL2.1 and RHEL3.0) with patch 119779-09 or later

• Updated Product field

• Added note to Contributing Factors section

This solution has no attachment