Sun Java System Access Manager 'sub-realm'特权提升漏洞

2009-01-15T00:00:00
ID SSV:4667
Type seebug
Reporter Root
Modified 2009-01-15T00:00:00

Description

BUGTRAQ ID: 33266 CNCAN ID:CNCAN-2009011503

Sun Java System Access Manager是一款安全单点登录、认证、授权解决方案。 Sun Java System Access Manager存在安全漏洞,允许sub-real管理员提升特权或访问root realm作为管理员。 目前没有详细漏洞细节提供。

Sun Java System Access Manager 7.1 Windows Sun Java System Access Manager 7.1 Solaris x86 Sun Java System Access Manager 7.1 Solaris SPARC Sun Java System Access Manager 7.1 Linux 厂商解决方案 可参考如下补丁: Sun Java System Access Manager 7.1 Linux Sun 126358-02 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -126358-02-1 Sun Java System Access Manager 7.1 Solaris SPARC Sun 126356-02 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -126356-02-1 Sun Java System Access Manager 7.1 Solaris x86 Sun 126357-02 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -126357-02-1 Sun Java System Access Manager 7.1 Windows Sun 126359-02 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -126359-02-1