Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1083

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2009-1083
Last Modified 06 Oct 2009 12:00:00
Published 25 Mar 2009 11:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-1083

Summary

Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."

Vulnerable Systems

Application

  • Sun Java System Identity Manager 7.0

  • Sun Java System Identity Manager 7.1

  • Sun Java System Identity Manager 7.1.1

  • Sun Java System Identity Manager 8.0


References

SUNALERT - 253267

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

CONFIRM - http://blogs.sun.com/security/entry/sun_alert_253267_sun_java

VUPEN - ADV-2009-0797

BID - 34191

SECTRACK - 1021881

SECUNIA - 34380


Last Updated: 27 May 2016 10:50:28