Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Vulnerability

From: britney_j () HOTMAIL COM (Dana Jones)
Date: Fri, 25 Dec 1998 19:51:56 PST

SIMS 3.x (Sun Internet Mail Server) and SDS 1.x & 3.1 (Sun LDAP
Directory services) vulnerability.

/var/opt/SUNWconn/ldap/log/slapd.log  is used to log ldap
connects/operations.

I won't waste a lot of typing on detailing the problem, perhaps this
simple example will suffice:

% cd /var/opt/SUNWconn/ldap/log/
% ls -l slapd.log

-rw-rw-rw-   1 root     root       33519 Dec 16 16:00 slapd.log

% grep password slapd.log

Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=Joe T. User
(joet),OU=People,O=email,C=US" scope=2 filter="(userpassword=bettysue)"

% grep passwd | grep admin

Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=admin
(admin),OU=People,O=email,C=US" scope=2 filter="(userpassword=secret)"


<sigh> yes folks, world readable (and writable for that matter) and
clear text passwords and uids of all those folks logging into the IMAP
server to check mail, etc. and on a machine that users can log into.

Almost takes all the fun out of it.

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
Previous By Date Next
Previous By Thread Next

Current thread: