Updated redhat-idm-console packages that fix a security issue are now
available for Red Hat Directory Server 8.0.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The redhat-idm-console contains a Java based remote management console used
for managing Red Hat Administration Server and Red Hat Directory Server.
When running on Red Hat Enterprise Linux, Red Hat Directory Server 8.0 used
insecure permissions on the redhat-idm-console startup script. Local users
could modify this script and run arbitrary code with the privileges of the
user running Red Hat Management Console (CVE-2008-0889).
Red Hat would like to thank Doncho N. Gunchev for reporting this issue.
All redhat-idm-console users are advised to update to these erratum
packages which contain a fix to correct this issue.