Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00


                                            `Date: Fri, 25 Dec 1998 19:51:56 PST  
From: Dana Jones <britney_j@HOTMAIL.COM>  
Reply-To: Bugtraq List <>  
Subject: Vulnerability  
SIMS 3.x (Sun Internet Mail Server) and SDS 1.x & 3.1 (Sun LDAP  
Directory services) vulnerability.  
/var/opt/SUNWconn/ldap/log/slapd.log is used to log ldap  
I won't waste a lot of typing on detailing the problem, perhaps this  
simple example will suffice:  
% cd /var/opt/SUNWconn/ldap/log/  
% ls -l slapd.log  
-rw-rw-rw- 1 root root 33519 Dec 16 16:00 slapd.log  
% grep password slapd.log  
Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=Joe T. User  
(joet),OU=People,O=email,C=US" scope=2 filter="(userpassword=bettysue)"  
% grep passwd | grep admin  
Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=admin  
(admin),OU=People,O=email,C=US" scope=2 filter="(userpassword=secret)"  
<sigh> yes folks, world readable (and writable for that matter) and  
clear text passwords and uids of all those folks logging into the IMAP  
server to check mail, etc. and on a machine that users can log into.  
Almost takes all the fun out of it.