[原文]iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.
[CNNVD]iPlanet Calendar Server获取Netscape Admin Server (NAS) LDAP数据库的访问权限且读取任意文件漏洞(CNNVD-200108-020)
iPlanet Calendar Server 5.0p2及其之前的版本存在漏洞。本地攻击者利用该漏洞通过取得来自配置文件的明文管理员用户名和密码从而获取Netscape Admin Server (NAS) LDAP数据库的访问权限且读取任意文件。该漏洞具有不安全的权限。
iPlanet Calendar Server ics.conf Cleartext Admin Password Disclosure
Local Access Required
Loss of Confidentiality
iPlanet contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user attempts to access the world readable /opt/SUNWics5/cal/bin/config/ics.conf file, which will disclose usernames and passwords for the NAS LDAP database resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.