Sun Java System Directory Server信息泄漏漏洞

BUGTRAQ ID: 34548 CNCAN ID：CNCAN-2009041704 Sun Java System Directory Server是一款Java企业系统的一个组件，为企业管理大量用户信息提供用户管理基础架构。 Sun Java System Directory Server包含的在线帮助组件存在安全问题，远程攻击者可以利用漏洞判断文件或目录是否存在，导致敏感信息泄漏。 目前没有详细漏洞细节提供。 Sun Java System Directory Server Enterprise Edition 5 Sun Java System Directory Server...

CVE-2009-1332

Summary: CVE-2009-1332 corresponds to an information-disclosure vulnerability in Sun Java System Directory Server's Online Help feature. The issue allows remote attackers to determine whether certain files or directories exist, and in some cases obtain a single line of a file, via unspecified vec...

CVE-2009-0609

Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle 1 a long value in an ADD or 2 long string attributes, which allows remote attackers to cause a denial of service JDBC backend...

Design/Logic Flaw

Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle 1 a long value in an ADD or 2 long string attributes, which allows remote attackers to cause a denial of service JDBC backend...

CVE-2009-0576

Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, are affected by CVE-2009-0576. An unspecified vulnerability allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests. The provided documents do not specify the exact root cause, vul...

Sun Java System Directory Server 6.x < 6.3.1 LDAP JDBC Backend DoS

The remote host is running the Sun Java System Directory Server, an LDAP server from Sun Microsystems. The installed version is older than 6.3.1, and the proxy server included with such versions is reportedly affected by a denial of service vulnerability. By sending a specially crafted request to...

Sun Java System Directory Server bind-dn Remote Privilege Escalation

The version of Sun Java System Directory Proxy Server running on the remote host is affected by an unauthorized access vulnerability. Specifically, the server fails to properly classify connections in relation to 'binddn' parameter. Successful exploitation of this issue might allow an unprivilege...

Sun Java系统目录代理服务器远程非授权访问漏洞

BUGTRAQ ID: 28941 Sun Java系统目录服务器是Java企业系统的一个组件，为企业管理大量用户信息提供用户管理基础架构。 Sun Java系统目录代理服务器错误的基于bind-dn标准对连接进行分类，导致应用了错误的策略，成功利用这个漏洞可能允许远程非特权用户获得对服务器的非授权管理访问。 Sun Java System Directory Server 6.2 Sun Java System Directory Server 6.1 Sun Java System Directory Server 6.0 Sun ---...

CVE-2008-1995

Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server...

CVE-2007-3225

Unspecified vulnerability in Sun Java System Directory Server slapd 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors...

Code injection

Unspecified vulnerability in Sun Java System Directory Server slapd 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors...

CVE-2007-3224

Unspecified vulnerability in Sun ONE/Java System Directory Server slapd 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors...

Code injection

Unspecified vulnerability in Sun ONE/Java System Directory Server slapd 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors...

CVE-2007-3225

Sun Java System Directory Server (slapd) 6.0 and 5.2 with Patch 3 or 4 are affected by CVE-2007-3225. The vulnerability allows remote attackers to modify certain data via unknown vectors. The available documents do not specify the exact component/function/file/root cause, nor provide a confirmed ...

CVE-2007-3224

CVE-2007-3224 refers to an information-disclosure vulnerability in Sun Java System Directory Server (slapd) affecting versions 6.0 and 5.x before 5.2 Patch 5. The issue allows remote attackers to determine the existence of attributes of an entry via unspecified vectors. Connected sources (includi...

CVE-2007-2466

Unspecified vulnerability in the LDAP Software Development Kit SDK for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service crash via certain BER encodings...

CVE-2007-2466

CVE-2007-2466 affects the LDAP Software Development Kit (SDK) for C used in Sun Java System Directory Server 5.2 (up to Patch 4) and Sun ONE Directory Server 5.1. The vulnerability is described as unspecified but enables remote attackers to cause a denial of service (crash) via certain BER encodi...

Sun Java System Directory Server未初始化指针远程内存破坏漏洞

Sun Java System Directory Server是一款由Sun公司开发的LDAP服务器。 Sun Java System Directory Server存在设计错误，远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 问题存在于针对部分失败查询类型的清理代码中，可导致服务器调用free，并从未初始化内存中获取地址，非法内存的引用可导致拒绝服务攻击。 Sun Java System Directory Server 5.2 可参考如下补丁程序： http://sunsolve.sun.com/search/document.do?assetkey=1-26-102853-...

CVE-2006-4175

The CVE-2006-4175 issue affects Sun Java System Directory Server and ONE Directory Server (ns-slapd) versions 5.2 Patch4 and earlier, and 5.1/5.2 for ONE. Affected component: LDAP server; root cause: malformed BER queries in the BER decoding/cleanup path lead to a free of uninitialized memory. Im...

CVE-2006-4175

The LDAP server ns-slapd in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service crash via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations...