CVE-2006-1782

Name of the Vulnerable Software and Affected Versions Solaris versions 8 and 9

Description The issue allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password under certain conditions. This can happen when a privileged user runs idsconfig or when LDAP2 commands are run "insecurely" with the -w option, including commands such as ldapadd, ldapdelete, ldapmodify, ldapmodrdn, and ldapsearch.

Recommendations For Solaris versions 8 and 9, avoid running idsconfig and LDAP2 commands with the -w option until a fix is available. As a temporary workaround, consider restricting the use of idsconfig and the mentioned LDAP2 commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.