Security Vulnerability in Sun Java System Directory Server Related to Initial Installation Data



Category: Security
Release Phase: Resolved
Product: Sun Java System Directory Server 5.2
Bug Id: 4927976
Date of Resolved Release: 16-MAY-2006


Impact

A security vulnerability in Sun Java System Directory Server 5.2 may allow a local or remote user to gain unauthorized administrative access to the Directory Server by logging in to the Directory Server console.


Contributing Factors

This issue can occur in the following releases for all platforms (Solaris 8, Solaris 9, and Solaris 10 on Solaris SPARC and x86 Platforms, Linux, Windows, HP-UX, and AIX):

PatchZIP (Compressed Archive) versions:

  • Sun Java System Directory Server 5.2

And, if the initial installation was Sun ONE Directory Server 5.2:

  • Sun Java System Directory Server 5.2 Patch2
  • Sun Java System Directory Server 5.2 Patch3
  • Sun Java System Directory Server 5.2 Patch4

Notes:

  1. This issue does not occur with the installation of Sun Java Directory Server 5 (2003Q4, 2004Q2, 2005Q1, 2005Q4) using native package installations.
  2. Sun ONE Directory Server 5.1 and earlier versions are not affected by this issue.
  3. The issue does not occur with a full (non-incremental) zip install of 5.2 Patch4. The full install is not available with Patch2 or Patch3, and as a result, these patch revisions are always affected.

This issue depends on the version that was used for the initial installation of the Directory Server product. If the initial installation was made from an affected version, the wrong user data will have been entered into a file that was created during the installation of the administration server instance. Subsequent upgrades to an unaffected version of the product will not correct this issue; in that case, the workaround described in the "Workaround" section should still be applied.


Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.


Workaround

The administrative user password (set during first installation) must be changed manually. This can be done in one of two ways:

Administrative Console:

  1. Start the console and log in as "administrator" or "directory manager"
  2. Select "admin server"
  3. Select "user" tab
  4. Select "access" tab
  5. Set the new password

Or:

Using the command line, the following command can be run:

% <serverroot>/bin/admin/adminconfig -server <server>:<port> -user <adminuser>:<adminpassword> -setAdminPwd <new passwd>

Then check that <serverroot>/admin-serv/config/admpw has been changed by using a command such as 'ls(1)' to examine the file's modification time.
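
The modification-time check described above can be scripted. The following is an added example, not part of the original Sun Alert: it records the modification time of admpw before the password change and confirms afterwards that the file was rewritten. The marker file and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): confirm that the password change
# rewrote admpw by comparing its modification time with a snapshot taken
# before the change.

# Location of the file relative to <serverroot>, as named in the alert.
ADMPW_REL="admin-serv/config/admpw"

# admpw_snapshot SERVERROOT MARKER
# Gives MARKER (a hypothetical scratch file) the current mtime of admpw.
# MARKER holds no password data, only a timestamp. Returns 2 if admpw is missing.
admpw_snapshot() {
    f="$1/$ADMPW_REL"
    if [ ! -f "$f" ]; then
        echo "missing: $f" >&2
        return 2
    fi
    touch -r "$f" "$2"
}

# admpw_verify SERVERROOT MARKER
# Returns 0 if admpw is newer than MARKER, 1 if it is not (the password
# change did not rewrite the file), 2 if either file is missing.
admpw_verify() {
    f="$1/$ADMPW_REL"
    if [ ! -f "$f" ] || [ ! -f "$2" ]; then
        echo "missing: $f or $2" >&2
        return 2
    fi
    if [ -n "$(find "$f" -newer "$2" -print)" ]; then
        echo "changed:   $f"
        return 0
    fi
    echo "UNCHANGED: $f"
    return 1
}

# Command-line use: "snapshot" before the password change, "verify" after it.
case "${1:-}" in
    snapshot) admpw_snapshot "$2" "$3" ;;
    verify)   admpw_verify "$2" "$3" ;;
esac
```

Run the snapshot step before changing the password and the verify step after it; a non-zero exit status from verify means the file still carries its earlier modification time.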


Resolution

Please see the "Workaround" section above for the resolution to this issue.






Article Details
Article ID: 201127
Article Type: Sun Alert
Last reviewed: 2006-11-07
Audience: PUBLIC