PT-2006-3486 · Oracle+1 · Javax.Swing.Jpasswordfield+1

Published: 2006-05-22 · Updated: 2017-07-20 · CVE-2006-2539

CVSS v2.0: 3.5 (Low)

Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Sybase EAServer versions 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC

Description

The issue concerns the improper protection of passwords when entered via the GUI, allowing local users to obtain cleartext passwords. This is achieved through the getSelectedText function in the javax.swing.JPasswordField component.

Recommendations

For Sybase EAServer version 5.0 on HP-UX Itanium, consider restricting access to the GUI until a fix is available. For Sybase EAServer version 5.2 on IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, avoid using the getSelectedText function in the javax.swing.JPasswordField component until the issue is resolved. For Sybase EAServer version 5.3 on Sun Solaris SPARC, temporarily disable the GUI password entry feature to minimize the risk of exploitation.


Related identifiers

CVE-2006-2539

Affected products

Sybase Easerver
Javax.Swing.Jpasswordfield