Note: This is an archival copy of Security Sun Alert 276210 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021812.1.
Article ID : 1021812.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-05-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

This Alert covers CVE-2010-0897 for the Sun Java System Directory Server product.



Category
Security

Release Phase
Resolved

Bug Id
6793557, 6896069, 6896070, 6896071

Product
Sun Java System Directory Server Enterprise Edition 6.3
Sun Java System Directory Server Enterprise Edition 6.2
Sun Java System Directory Server Enterprise Edition 6.1
Sun Java System Directory Server Enterprise Edition 6.0
Sun Java System Directory Server 5.2

Date of Resolved Release
12-Apr-2010

...

1. Impact

This Alert covers CVE-2010-0897 for the Sun Java System Directory Server product.

Please see http://www.oracle.com/technology/deploy/security/alerts.htm
for more information about Critical Patch Updates and Security Alerts.
This publication relates to the CPU for April 2010.


2. Contributing Factors

These issues can occur in the following releases:

Sun Java System Directory Server 5.2

  • Solaris 9 and 10 SPARC
  • Solaris 9 x86
  • Solaris 10 x86
  • AMD64
  •  Linux
  • Windows
  • AIX
  • HP-UX

Including PatchZIP (Compressed Archive) and Native package versions.

Sun Java System Directory Server Enterprise Edition 6.0, 6.1, 6.2, 6.3, 6.3.1

  • Solaris 9 and 10 SPARC
  • Solaris 9 x86
  • Solaris 10 x86
  • AMD64
  •  Linux
  • Windows
  •  HP-UX

Including PatchZIP (Compressed Archive) and Native package versions.

To determine the version of Directory Server running on a system, the following
commands can be run:

Sun Java System Directory Server 5.2:

On Solaris, Linux, HP-UX, and AIX systems:

     $ cd <installation directory>/bin/slapd/server
$ ./ns-slapd -V -D <instance-directory>

On 64-bit Solaris:

     $ cd <installation directory>/bin/slapd/server/64
$ ./ns-slapd -V -D <instance-directory>

On Windows systems:

     cd <installation directory>\bin\slapd\server
slapd.exe -V -D <instance-directory>

Sun Java System Directory Server Enterprise Edition 6 (all releases):

On Unix systems:

     $ cd <installation directory>/ds6/bin
$ ./dsadm -V

On Windows systems:

     <installation directory>\ds6\bin\dsadm.exe -V



5. Resolution

This issue is addressed in the following releases:

For Solaris 9 and 10 on SPARC, x86 and x64 platforms, Linux, HP-UX and Windows):

  • Sun Java System Directory Server Enterprise Edition 6.3.1 with patch 143463-01 or later

Systems with Sun Java System Directory Server Enterprise Edition versions
before 6.3.1 are recommended to upgrade to 6.3.1 and then install the
resolution patch listed above.

The upgrade procedure is described in "Sun Java System Directory Server
Enterprise Edition 6.3.1 Release Notes" in Chapter 2 at:

          http://docs.sun.com/doc/820-5817/gibic

For Solaris 9 and 10 on SPARC, x86 and x64 platforms, Linux, HP-UX, AIX and Windows):

  • Sun Java System Directory Server 5.2 Patch 6 with patch 143462-01 or later

Systems with Sun Java System Directory Server 5.2 versions before 5.2 Patch 6
are recommended to upgrade to 5.2 Patch 6 and then install the resolution patch
listed above.

The upgrade procedure is described in "Sun Java System Directory Server 5.2
Patch 6 Release Notes" in the Installation Chapter at :

          http://docs.sun.com/doc/820-3003



References

143463-01
143462-01





Attachments
This solution has no attachment