sims-sds.txt

1999-08-17T00:00:00
ID PACKETSTORM:15301
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Date: Fri, 25 Dec 1998 19:51:56 PST  
From: Dana Jones <britney_j@HOTMAIL.COM>  
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>  
To: BUGTRAQ@netspace.org  
Subject: Vulnerability  
  
SIMS 3.x (Sun Internet Mail Server) and SDS 1.x & 3.1 (Sun LDAP  
Directory services) vulnerability.  
  
/var/opt/SUNWconn/ldap/log/slapd.log is used to log ldap  
connects/operations.  
  
I won't waste a lot of typing on detailing the problem, perhaps this  
simple example will suffice:  
  
% cd /var/opt/SUNWconn/ldap/log/  
% ls -l slapd.log  
  
-rw-rw-rw- 1 root root 33519 Dec 16 16:00 slapd.log  
  
% grep password slapd.log  
  
Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=Joe T. User  
(joet),OU=People,O=email,C=US" scope=2 filter="(userpassword=bettysue)"  
  
% grep passwd | grep admin  
  
Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=admin  
(admin),OU=People,O=email,C=US" scope=2 filter="(userpassword=secret)"  
  
  
<sigh> yes folks, world readable (and writable for that matter) and  
clear text passwords and uids of all those folks logging into the IMAP  
server to check mail, etc. and on a machine that users can log into.  
  
Almost takes all the fun out of it.  
`