Note: This is an archival copy of Security Sun Alert 255008 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020258.1.
Sun Java System Calendar Server 6.3
Date of Resolved Release
Security Vulnerability in Sun Java System Calendar Server 6.3 May Allow Denial of Service (DoS):
A security vulnerability in Sun Java System Calendar Server 6.3 may allow a remote unprivileged user to crash the Calendar Server. This is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
To determine the version of Sun Java System Calendar Server on a system, the following command can be run:
$ csversion3. Symptoms
If this issue is exploited to cause a Denial of Service (DoS), the Calendar Server will no longer be running on the system. This can be determined using a command such as the following, which will produce no output if the process has crashed:
$ pgrep cshttpdDepending on the system configuration, the Calendar Server process may leave a crash dump with a stack trace similar to the following:
----------------- lwp# 4 / thread# 4 --------------------
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
06-Apr-2009: Updated Contributing Factors and Resolution sections
This solution has no attachment