Sun Java JRE JNDI/DNS Integer Wraparound DoS

2004-11-08T00:00:00
ID OSVDB:11578
Type osvdb
Reporter Kurt Huwig(k.huwig@iku-ag.de)
Modified 2004-11-08T00:00:00

Description

Vulnerability Description

Java JRE contains a flaw that may allow a local denial of service. The issue is due to the InitialDirContext function when it performs DNS lookup functions. If a remote attacker tricks the application into doing excessive lookups causing more than 32768 DNS records to be returned, it may result in loss of availability for the application.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Java JRE contains a flaw that may allow a local denial of service. The issue is due to the InitialDirContext function when it performs DNS lookup functions. If a remote attacker tricks the application into doing excessive lookups causing more than 32768 DNS records to be returned, it may result in loss of availability for the application.

References:

Security Tracker: 1012137 Secunia Advisory ID:13142 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0092.html CVE-2004-1503