SECURITYVULNS:DOC:12710
May 17, 2006 - 12:00 a.m.

[SA20144] Sun Java System Directory Server Authentication Bypass

TITLE:
Sun Java System Directory Server Authentication Bypass

SECUNIA ADVISORY ID:
SA20144

VERIFY ADVISORY:
http://secunia.com/advisories/20144/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From local network

SOFTWARE:
Sun Java System Directory Server 5.x
http://secunia.com/product/1520/

DESCRIPTION:
A security issue has been reported in Sun Java System Directory
Server, which can be exploited by malicious people to gain
unauthorised access.

The problem is caused by an unspecified error during the initial
installation process, which may cause wrong user data to be entered
into a file created during installation of the administration server
instance. This can be exploited to gain unauthorised administrative
access to the directory server by logging into the directory server
console.

The security issue has been reported in version 5.2 for all
platforms. Version 5.2 Patch4 with a full install (non-incremental),
and version 5.1 and prior are not affected.

SOLUTION:
The vendor recommends changing the administrative user password
manually (see vendor advisory for instructions).

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102345-1

