Note: This is an archival copy of Security Sun Alert 275711 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021788.1.
Article ID : 1021788.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-10-22
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Sun Java System Directory Server May Allow Crafted LDAP Search Requests To Cause A Denial Of Service (DoS) Condition



Category
Security

Release Phase
Resolved

Bug Id
6915746

Date of Preliminary Release
20-Jan-2010

Date of Workaround Release
24-Feb-2010

Date of Resolved Release
25-Feb-2010

1. Impact

A security vulnerability in the Sun Java System Directory Server (ns-slapd and slapd.exe) may allow a remote unprivileged user to crash the Directory Server process via crafted LDAP search requests, thereby leading to a Denial of Service (DoS) condition.

2. Contributing Factors

This issue can occur in the following releases for Solaris 9 and 10 on SPARC platform, Solaris 10 on x64 platform, Linux, Windows, and HP-UX:

PatchZIP (Compressed Archive) and Native package versions:
  • Sun Directory Server Enterprise Edition 7.0 without patch 143884-01

This issue can occur in the following releases for Solaris 9 and 10 on SPARC platform, x86 and x64 platforms, Linux, Windows, and HP-UX:

PatchZIP (Compressed Archive) and Native package versions:
  • Sun Java System Directory Server Enterprise Edition 6.3.1 without patch 143463-01
  • Sun Java System Directory Server Enterprise Edition 6.3
  • Sun Java System Directory Server Enterprise Edition 6.2
  • Sun Java System Directory Server Enterprise Edition 6.1
  • Sun Java System Directory Server Enterprise Edition 6.0

This issue can occur in the following releases for Solaris 9 and 10 on SPARC, x86 and x64 platforms, Linux, Windows, AIX and HP-UX:

PatchZIP (Compressed Archive) and Native package versions:
  • Sun Java System Directory Server 5.2 without patch 143462-01

To determine the version of Directory Server running on a system, run the following commands:

For Directory Server 5.2:

On Solaris, Linux, AIX and HP-UX systems:
$ cd <installation directory>/bin/slapd/server
$ ./ns-slapd -V -D <instance-directory>
On 64-bit Solaris:
$ cd <installation directory>/bin/slapd/server/64
$ ./ns-slapd -V -D <instance-directory>
On 64-bit HP-UX:
$ cd <installation directory>/bin/slapd/server/pa20_64
$ ./ns-slapd -V -D <instance-directory>
On Windows systems:
cd <installation directory>\bin\slapd\server
slapd.exe -V -D <instance-directory>
If the output contains the version string 5.2, the system is affected by this issue.

For Directory Server 6.x:

On Solaris, Linux and HP-UX systems (including 64-bit systems):
$ cd <installation directory>/ds6/bin
$ ./dsadm -V
On Windows systems:
cd <installation directory>\ds6\bin
dsadm.exe -V
If the output contains the version string 6.0, 6.1, 6.2, 6.3 or 6.3.1, the system is affected by this issue.

For Directory Server 7.0:

On Solaris, Linux and HP-UX systems (including 64-bit systems):
$ cd <installation directory>/bin
$ ./dsadm -V
On Windows systems:
cd <installation directory>\bin
dsadm.exe -V
If the output contains the version string 7.0, the system is affected by this issue.

3. Symptoms

If the described issue occurs, the Directory Server may crash, making the service unavailable. If the system is configured to dump core, the stack trace may look similar to the following:
parse_LDAPProxyAuth ()
core_get_proxyauth_dn ()
common_core_set_pb ()
search_core_set_pb ()
ldap_decode_search ()
ldap_parse_request ()
process_ldap_operation_using_core_api ()
ldap_frontend_main_using_core_api ()
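
The stack trace above can serve as a triage signature when reviewing core files from a crashed instance. The script below is an added example (not part of the original advisory and not Sun or Oracle code) that checks whether a saved stack trace contains the advisory's frames in the same order; the pstack-style line layout, the sample traces and the names matches_advisory_trace, sample_crash_trace and sample_other_trace are assumptions.

```shell
#!/bin/sh
# Added example, not Sun/Oracle code. Frame names are from the advisory;
# the pstack-style line layout and the sample traces are constructed.

# Advisory frames, innermost (crash site) first.
ADVISORY_FRAMES="parse_LDAPProxyAuth core_get_proxyauth_dn common_core_set_pb \
search_core_set_pb ldap_decode_search ldap_parse_request \
process_ldap_operation_using_core_api ldap_frontend_main_using_core_api"

# matches_advisory_trace FILE
# Exit 0 if every advisory frame occurs in FILE in the listed order
# (unrelated frames may be interleaved), 1 otherwise.
matches_advisory_trace() {
    awk -v want="$ADVISORY_FRAMES" '
        BEGIN { n = split(want, frame, " "); idx = 1 }
        # The function name is the identifier directly before "(".
        match($0, /[A-Za-z_][A-Za-z0-9_]*[ \t]*\(/) {
            name = substr($0, RSTART, RLENGTH)
            sub(/[ \t]*\($/, "", name)
            if (idx <= n && name == frame[idx]) idx++
        }
        END { exit (idx > n ? 0 : 1) }
    ' "$1"
}

# Constructed sample: a trace whose frames match the advisory.
sample_crash_trace() {
    cat <<'EOF'
 fe8a1c40 parse_LDAPProxyAuth (0, 1b2c3d, ffbfe8c0)
 fe8a2f10 core_get_proxyauth_dn (4a3b20, ffbfe9a4)
 fe8a3b88 common_core_set_pb (4a3b20, 0, 1)
 fe8a4d04 search_core_set_pb (4a3b20, 5c1e00)
 fe8b0a3c ldap_decode_search (5c1e00, 4a3b20)
 fe8b1e70 ldap_parse_request (5c1e00)
 fe8b2c18 process_ldap_operation_using_core_api (5c1e00)
 fe8b3a54 ldap_frontend_main_using_core_api (5c1e00, 0)
EOF
}

# Constructed sample: the same trace without its four innermost frames.
sample_other_trace() { sample_crash_trace | sed '1,4d'; }

tmp=$(mktemp) || exit 1
sample_crash_trace > "$tmp"
if matches_advisory_trace "$tmp"; then echo "matches Bug Id 6915746 stack signature"; fi
rm -f "$tmp"
```

A match only indicates that the crash resembles the one described here; the installed version and patch level still decide whether the system is affected.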

4. Workaround

There is no workaround available for this issue.

5. Resolution

This issue is addressed in the following release (for Solaris 9 and 10 on SPARC and x64 platforms, Linux, HP-UX and Windows):

PatchZIP (Compressed Archive) and Native package versions:
  • Sun Directory Server Enterprise Edition 7.0 with patch 143884-01 or later

This issue is addressed in the following release (for Solaris 9 and 10 on SPARC, x86 and x64 platforms, Linux, HP-UX and Windows):

PatchZIP (Compressed Archive) and Native package versions:
  • Sun Java System Directory Server Enterprise Edition 6.3.1 with patch 143463-01 or later

Systems with Sun Java System Directory Server Enterprise Edition versions before 6.3.1 are recommended to upgrade to 6.3.1 and then install the resolution patch listed above.

The upgrade procedure is described in "Sun Java System Directory Server Enterprise Edition 6.3.1 Release Notes" in Chapter 2 at:
http://docs.sun.com/doc/820-5817/gibic

This issue is addressed in the following release (for Solaris 9 and 10 on SPARC, x86 and x64 platforms, Linux, HP-UX, AIX and Windows):
  • Sun Java System Directory Server 5.2 Patch 6 with patch 143462-01 or later

Systems with Sun Java System Directory Server 5.2 versions before 5.2 Patch 6 are recommended to upgrade to 5.2 Patch 6 and then install the resolution patch listed above.

The upgrade procedure is described in "Sun Java System Directory Server 5.2 Patch 6 Release Notes" in the Installation Chapter at:
http://docs.sun.com/doc/820-3003

For more information on Security Sun Alerts, see 1009886.1.

Modification History
26-Feb-2010: Updated Contributing Factors and Resolution sections for patch release
22-Oct-2010: No further updates; issue is Resolved

References

143884-01
143463-01
143462-01



