Lucene search

K
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.SUN_DIRECTORY_SERVER_MULTIPLE.NASL
HistoryJul 12, 2007 - 12:00 a.m.

Sun Java System Directory Server Multiple Vulnerabilities

2007-07-1200:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
26
ldap server
sun microsystems
multiple vulnerabilities
information disclosure
unauthorized access
denial of service
memory corruption
cve-2006-4175
cve-2007-2466
cve-2007-3224
cve-2007-3225
patch upgrade

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.063

Percentile

93.8%

The remote host is running the Sun Java System Directory Server, an LDAP server from Sun Microsystems.

The remote version of this service is affected by multiple vulnerabilities. Versions 6.0 and prior to 5.2 Patch 5 are affected by :

  • list attributes information disclosure
  • Unauthorized Access (restricted to super users).

Versions prior to 5.2 Patch 5 are affected by :

  • Denial of service due to the BER decoding handler
  • Memory corruption in the failed request handler.
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(25705);
  script_version("1.20");
  script_cvs_date("Date: 2018/11/15 20:50:22");

  script_cve_id(
    "CVE-2006-4175", 
    "CVE-2007-2466", 
    "CVE-2007-3224", 
    "CVE-2007-3225"
  );
  script_bugtraq_id(23117, 23743, 24467, 24468);

  script_name(english:"Sun Java System Directory Server Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Sun Java Directory Server");

  script_set_attribute(attribute:"synopsis", value:
"The remote LDAP server has multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running the Sun Java System Directory Server, an
LDAP server from Sun Microsystems. 

The remote version of this service is affected by multiple
vulnerabilities.  Versions 6.0 and prior to 5.2 Patch 5 are affected
by :

  - list attributes information disclosure
  - Unauthorized Access (restricted to super users). 

Versions prior to 5.2 Patch 5 are affected by :

  - Denial of service due to the BER decoding handler
  - Memory corruption in the failed request handler.");
  script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1000664.1.html");
  script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1000951.1.html");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c3b398d9");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0bf5dca5");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Sun Java System Directory Server 5.2 Patch 5 or 6.1 or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/12");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gain a shell remotely");

  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");

  script_dependencies("ldap_search.nasl");
  script_require_ports("Services/ldap", 389);

  exit(0);
}

port = get_kb_item("Services/ldap");
if (!port) port = 389;

ver = get_kb_item(string("LDAP/",port,"/vendorVersion"));
if (!ver)
  exit(0);


if ("Sun-Java(tm)-System-Directory/6.0" >< ver)
  security_hole(port);
else if (egrep(pattern:"Sun Java\(TM\) System Directory Server/", string:ver))
{
 major = ereg_replace(pattern:"^Sun Java\(TM\) System Directory Server/([0-9]+\.[0-9]+).*", string:ver, replace:"\1");
 major = split(major, sep:".", keep:FALSE);

 if (
  int(major[0]) < 5 ||
  (int(major[0]) == 5 && int(major[1]) < 2)
 ) security_hole(port);
 else if (int(major[0]) == 5 && int(major[1]) == 2)
 {
    if (egrep(pattern:".*_Patch_[0-9]+", string:ver))
    {
      patch = ereg_replace(pattern:".*_Patch_([0-9]+).*", string:ver, replace:"\1");
      if (int(patch) < 5) security_hole(port);
    }
    else security_hole(port);
 }
}

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.063

Percentile

93.8%

Related for SUN_DIRECTORY_SERVER_MULTIPLE.NASL