Note: This is an archival copy of Security Sun Alert 201616 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001213.1.
Article ID : 1001213.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-05-20
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

ASN1 Decoder For Sun Java System Directory Server May Be Subject to Denial of Service (DoS)



Category
Security

Release Phase
Resolved

Bug Id
4957279

Date of Resolved Release
10-AUG-2004

Impact

An issue in ASN.1 parsing may be exploited by a local or remote unprivileged user to create a Denial of Service (DoS) condition in the Sun Java System Directory Server (formerly Sun ONE Directory Server).

Note: Sun ONE Admin Server (delivered with Sun Java System Directory Server) is also affected by this issue.

This issue is also described in CERT Vulnerability VU#104280 at http://www.kb.cert.org/vuls/id/104280, which is referenced in CERT Advisory CA-2003-26 at http://www.cert.org/advisories/CA-2003-26.html.

Also see the NISCC Vulnerability Advisory 006489/TLS at http://www.uniras.gov.uk/vuls/2003/006489/tls.htm.


Contributing Factors

This issue can occur in the following releases:

Sun ONE bundled with Solaris

  • Sun Java System Directory Server 5.1 bundled with Solaris 9 (SPARC Platform) without patch 113859-03
  • Sun Java System Directory Server 5.1 bundled with Solaris 9 (x86 Platform) without patch 114273-03

Sun ONE unbundled

  • Sun Java System Directory Server 5.1 without Service Pack 3

Note: For applicable architectures and OS versions, refer to http://wwws.sun.com/software/download/inter_ecom.html.


Symptoms

Should the described issue occur, the Sun Java System Directory Server (application) may crash.


Workaround

There is no workaround for this issue. Please see the "Resolution" section.


Resolution

This issue is addressed in the following releases:

Sun ONE bundled with Solaris

  • Sun Java System Directory Server 5.1 bundled with Solaris 9 (SPARC Platform) with patch 113859-03 or later
  • Sun Java System Directory Server 5.1 bundled with Solaris 9 (x86 Platform) with patch 114273-03 or later

Sun ONE unbundled

  • Sun Java System Directory Server 5.1 with Service Pack 3 or later
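
The following is an added example, not part of the original Sun Alert: a shell check that reads `showrev -p` output and reports whether the bundled Directory Server 5.1 patch named above is installed at revision -03 or later. The function names and the sample patch listing are constructed for illustration; the unbundled release (Service Pack 3) is not covered by this check.

```shell
# patch_status BASE MINREV
# Reads `showrev -p` style lines on stdin. Prints "fixed NN", "vulnerable NN"
# or "vulnerable none" and returns 0 only when the highest installed
# revision of patch BASE is at least MINREV.
patch_status() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            split($2, id, "-")
            # id[2] + 0 forces a decimal comparison, so "08" and "10"
            # compare as numbers rather than as strings or octal.
            if (id[1] == base && (!seen || id[2] + 0 > best)) {
                best = id[2] + 0
                seen = 1
            }
        }
        END {
            if (!seen)          { print "vulnerable none"; exit 1 }
            if (best < min + 0) { printf "vulnerable %02d\n", best; exit 1 }
            printf "fixed %02d\n", best
        }'
}

# check_ds51_patch: choose the patch ID from the advisory by architecture
# and test the live host. Run this on the Solaris 9 system itself.
check_ds51_patch() {
    case "$(uname -p)" in
        sparc) base=113859 ;;   # Solaris 9 SPARC patch from the advisory
        i386)  base=114273 ;;   # Solaris 9 x86 patch from the advisory
        *)     echo "unsupported architecture"; return 2 ;;
    esac
    showrev -p | patch_status "$base" 3
}

# Constructed sample listing (package names are placeholders). It mixes both
# patch IDs so that both outcomes can be shown from one input.
sample_showrev() {
    cat <<'EOF'
Patch: 113859-02 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 114273-08 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 114273-10 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 999999-05 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
EOF
}
```

On a Solaris 9 host, calling `check_ds51_patch` returns a non-zero status when the patch is missing or older than -03, which makes it usable in a fleet audit loop.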


Modification History

References

113859-03
114273-03




