|
Sun Java System Directory Server LDAP Denial of Service
|
|
Secunia Advisory:
|
SA18769
|
|
|
Release Date:
|
2006-02-09
|
|
Last Update:
|
2007-04-16
|
|
Popularity:
|
9,112 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
DoS
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Sun Java System Directory Server 5.x
Sun ONE Directory Server 5.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-0647
|
|
Description:
Evgeny Legerov has discovered a vulnerability in Sun Java System Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the LDAP server within the handling of certain requests. This can be exploited to crash the service via a specially-crafted request sent to the LDAP server port.
The vulnerability has been confirmed in version 5.2 P4, and also reported in the following versions on all platforms.
* Sun ONE Directory Server 5.2
* Sun Java System Directory Server 5 2003Q4 (5.2patch1)
* Sun Java System Directory Server 5 2004Q2 (5.2patch2)
* Sun Java System Directory Server 5 2005Q1 (5.2patch3)
* Sun Java System Directory Server 5 2005Q4 (5.2patch4)
* Sun ONE Directory Server 5.2 (PatchZIP)
* Sun Java System Directory Server 5.2 Patch2 (PatchZIP)
* Sun Java System Directory Server 5.2 Patch3 (PatchZIP)
* Sun Java System Directory Server 5.2 Patch4 (PatchZIP)
Solution:
Apply patches or upgrade to Directory Server 5.2patch5.
Sun Java System Directory Server 5 2005Q4 (Native Package):
Apply patch 122476-01 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-122476-01-1
Sun Java System Directory Server 5.2 Patch4 (Compressed Archive):
Apply patch 122476-01 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-122476-01-1
Upgrade to Directory Server 5.2patch5 using the following patches:
-- Native Package Versions --
Solaris Sparc: 115614-27
Solaris x86: 115615-27
Linux: 118080-12
HP-UX : 121393-02
Windows : 121392-03
-- For the PatchZIP (Compressed Archive) versions --
Solaris Sparc: 117665-04
Solaris x86: 117666-04
Linux: 117668-04
Windows: 117667-04
HP-UX: 117669-04
AIX: 117670-04
Note: Versions prior to Sun Java System Directory Server 5 2005Q4 or Sun Java System Directory Server 5.2 Patch4 must be upgraded to these versions before applying the patch.
Provided and/or discovered by:
Evgeny Legerov, GLEG Ltd.
Changelog:
2006-02-16: Added CVE reference.
2006-04-27: Added information from vendor. Updated "Description", "Solution" and "Original Advisory" sections.
2006-05-23: Updated "Solution Status" and "Solution" sections.
2007-04-16: Updated "Solution" section.
Original Advisory:
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
Sun Microsystems:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102294-1
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
