Sun Java System Directory Server LDAP Processing Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1015604
|
|
SecurityTracker URL: http://securitytracker.com/id?1015604
|
|
CVE Reference: CVE-2006-0647
(Links to External Site)
|
|
OSVDB Reference: 22996
(Links to External Site)
|
Updated: May 22 2006
|
Original Entry Date: Feb 9 2006
|
Impact: Denial of service via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): 5.2
|
Description: A vulnerability was reported in Sun Java System Directory Server. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to the LDAP port on the target system to cause the LDAP server to crash.
A demonstration
exploit is available in the original report at:
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
Evgeny
Legerov of GLEG Ltd. reported this vulnerability.
|
Impact: A remote user can cause the target service to crash.
|
Solution: Sun has issued the following releases for all platforms (Solaris 8, 9, and 10 on Solaris SPARC and Solaris x86 Platforms, Linux,
Windows, HP-UX, and AIX):
* Sun Java System Directory Server 5 2005Q4 (Native Package) with patch 122476-01 or later
* Sun Java System Directory Server 5.2 Patch4 (Compressed Archive) with patch 122476-01 or later
The Sun advisory is available
at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102294-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102294-1 (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 9 Feb 2006 07:37:43 -0500
Subject: [Dailydave] Sun Directory Server 5.2 fun
|
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
|
|
