Sun ONE / JES Directory Server LDAP Request Overflow

2005-04-13T11:45:11
ID OSVDB:15505
Type osvdb
Reporter Hitachi Incident Response Team
Modified 2005-04-13T11:45:11

Description

Vulnerability Description

Sun ONE Directory Server and Sun Java System Directory Server contain a flaw that may allow a remote or local denial of service. A local or remote unprivileged user may be able to execute arbitrary commands on a vulnerable LDAP server with the privileges of the LDAP process, or terminate the LDAP process, resulting in loss of availability for the LDAP service.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems, Inc., has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 14960
Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57754-1
Keyword: TCP Port 389
Keyword: TCP Port 636
ISS X-Force ID: 20083
CVE-2004-1236
CIAC Advisory: P-083
CERT VU: 258905
Bugtraq ID: 12099