Security issue reported in Sun Java System Access Manager
I came across another security issue. There is security vulnerability in the Sun Java system Access Manager which may enable administrator access to users logged in as root. Logged in as root on a system, the local user might be able to use the amadmin CLI tool for administering the Access Manager installation with privileges of the top level administrator and therefore may lead to Access Manager security getting compromised. This may cause the improper functioning of the Sun Java System Access Manager or the user data or product configuration might be compromised.
The following releases might be affected:
SPARC Platform• Sun Java System Access Manager 7.0 (for Solaris 8, 9 and 10) without patch 120954-01
x86 Platform
• Sun Java System Access Manager 7.0 (for Solaris 9 and 10) without patch 120955-01
LINUX Platform
• Sun Java System Access Manager 7.0 without patch 120956-01
Windows Platform
• Sun Java System Access Manager 7.0 without patch 124296-05
The security issue has been resolved.
Via sun blogs