Sun Directory Server Unspecified Bug Lets Remote Users Compromise the System
SecurityTracker Alert ID: 1015014
SecurityTracker URL: http://securitytracker.com/id/1015014
CVE Reference: CVE-2005-3269
Updated: Nov 23 2005
Original Entry Date: Oct 6 2005
Impact: User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.2 Patch 3 and prior versions
Description:
A vulnerability was reported in Sun Directory Server. A remote user can compromise the target system.
A remote user can exploit the HTTP administrative interface to execute arbitrary commands with the privileges of the admin server process (which are typically root user privileges).
Peter Winter-Smith of NGSSoftware discovered this vulnerability.
Impact:
A remote user can compromise the target system.
Solution:
Sun has issued a fixed version (5.2 Patch 4), available at the following URLs.
For Solaris (SPARC):
http://sunsolve.sun.com/search/document.do?assetkey=1-21-117665-03-1
For Solaris (x86):
http://sunsolve.sun.com/search/document.do?assetkey=1-21-117666-03-1
For Windows:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-117667-03-1
For Linux:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-117668-03-1
For Red Hat Enterprise Linux 2.1:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118079-10-1
Sun's advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102002-1
The following patches are available:
For Packaged Versions:
SPARC Platform
* Sun ONE Administration Server 5.2 (for Solaris 8, 9, and 10) with patch 115610-23 or later
* Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 115614-26 or later
* Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 116373-18 or later
x86 Platform
* Sun ONE Administration Server 5.2 (for Solaris 9 and 10) with patch 115611-23 or later
* Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 115615-26 or later
* Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 116374-14 or later
Linux
* Sun ONE Administration Server 5.2 (for RHEL2.1) with patch 118079-10 or later
* Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 with patch 118080-11 or later
* Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 with patch 118096-08 or later
For zip compressed archives:
Sun Java System Directory Server 5.2 (to upgrade from 5.2 RTM ZIP or 5.2 Patch2 ZIP or 5.2 Patch3 ZIP):
* Solaris 8, 9, and 10 on the SPARC Platform with patch 117665-03 or later
* Solaris 8, 9 and 10 on the x86 Platform with patch 117666-03 or later
* Linux with patch 117668-03 or later
* Windows with patch 117667-03 or later
* HP-UX with patch 117669-03 or later
* AIX with patch 117670-03 or later
A final resolution is pending.
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102002-1
Cause:
Not specified
Underlying OS:
Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
Message History:
None.
Source Message Contents
Date: Thu, 06 Oct 2005 12:00:09 +0100
Subject: High Risk Vulnerability in Sun Directory Server
Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in
Sun Directory Server. This flaw can permit an unauthenticated attacker to
remotely compromise the Directory server.
Affected versions include:
Sun Directory Server 5.2 (patch 3 and below)
This issue has been resolved in the latest patch released for Sun Directory
Server (patch 4), which may be downloaded from SunSolve:
http://sunsolve.sun.com
NGSSoftware are going to withhold details of this flaw for three months.
Full details will be published on the 05th January 2006. This three month
window will allow users of Sun Directory Server the time needed to apply the
patch before the details are released to the general public. This reflects
NGSSoftware's approach to responsible disclosure.
NGSSoftware Insight Security Research
http://www.ngssoftware.com
http://www.databasesecurity.com/
http://www.nextgenss.com/
+44(0)208 401 0070