Sun ONE Directory Server "ns-ldapd" can be terminated by unprivileged user

2003-05-02T00:00:00
ID VU:195644
Type cert
Reporter CERT
Modified 2003-05-07T12:33:00

Description

Overview

A denial-of-service vulnerability exists in the Sun ONE Directory Server. This vulnerability may allow a remote attacker to effectively terminate directory services on the affected host.

Description

Sun describes the Sun ONE Directory Server as

a software product that provides a central repository for storing and managing identity profiles, access privileges and application and network resource information. Information stored in the Sun ONE Directory Server can be used for the authentication and authorization of users to enable secure access to enterprise and Internet services and applications.
A vulnerability exists in ns-ldapd (a directory service process). For more information, please see Sun Alert 52102.


Impact

This vulnerability may allow a remote attacker to effectively terminate directory services on the affected host.


Solution

Apply a patch.


Vendor Information

195644

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Vendor has issued information

__ Sort by: Status Alphabetical

Expand all

Affected Unknown __ Unaffected

Javascript is disabled. Click here to view vendors.

__ Sun Microsystems Inc.

Updated: May 02, 2003

Status

__ Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52102&zone_32=category%3Asecurity.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | | N/A

References

Credit

The CERT/CC thanks Sun Microsystems for publishing information upon which this document is based.

This document was written by Ian A Finlay.

Other Information

CVE IDs: | None
---|---
Severity Metric:** | 3.16
Date Public:
| 2003-04-30
Date First Published: | 2003-05-02
Date Last Updated: | 2003-05-07 12:33 UTC
Document Revision: | 6