Note: This is an archival copy of Security Sun Alert 200167 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000122.1.
Article ID : 1000122.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun ONE Directory Server may be Terminated by Unprivileged LDAP Client Operations



Category
Security

Release Phase
Resolved

Bug Id
4735062

Date of Resolved Release
30-APR-2003

The directory server process "ns-slapd" may be terminated ...

1. Impact

The directory server process "ns-slapd" may be terminated by a local or remote unprivileged user. This would cause a denial of service to directory server services hosted on the affected system.


2. Contributing Factors

This issue can occur in the following releases:

Sun ONE bundled with Solaris

  • Sun ONE Directory Server 5.1 bundled with Solaris 9 (SPARC Platform) without patch 113859-01
  • Sun ONE Directory Server 5.1 bundled with Solaris 9 (x86 Platform) without patch 114273-01

Sun ONE unbundled

  • Sun ONE Directory Server 4.16 with all Service Packs
  • Sun ONE Directory Server 5.0 with all Service Packs
  • Sun ONE Directory Server 5.1 without Service Pack 2

Note: All architectures are impacted by this issue. For applicable architectures and OS versions, refer to: http://wwws.sun.com/software/download/inter_ecom.html.


3. Symptoms

If the described issue occurs, the directory server process, "ns-slapd", will no longer be running. A "core" file may have been generated. Running file(1) on the "core" file will reference "ns-slapd", similar to the following example:

	# file core
	core:	ELF 32-bit MSB core file SPARC Version 1, from 'ns-slapd'

The core file will have a stack trace similar to:

	libback-ldbm.so: fe77f63c ...	
	fe77f804 idl_old_fetch (30d4e0, 2341e8, fd1d08c4, 0, 2f2a28, fd1df480) + 6c
	fe7887ec index_read_ext (30d4e0, 39, ffff8400, ffff86ec, fe7d45f0, ...
	fe7884b0 index_read (30d4e0, fe7d432c, fe7bc3c8, fd1d09a8, 0, fd1df480) + 1c
	fe7868b0 dn2entry (0, 361b30, 0, fd1df480, 128c, 30d4e0) + c4
	fe7869f8 dn2entry_or_ancestor (30d4e0, 361b30, fd1df470, 0, fd1df480, 1000)...
	fe786b10 dn2ancestor (30d4e0, 361b18, fd1df470, 0, fd1df480, 30d4e0) + a0
	fe786a1c dn2entry_or_ancestor ...
	...
	fe7b6fa8 ldbm_back_delete ...

4. Workaround

The directory server needs to be restarted to recover from this issue if it is encountered. For example, if using bundled 5.1, run the following command:

	# /usr/sbin/directoryserver start

Note: The unbundled directory server is started by the command "start-slapd". For more information concerning start-slapd, refer to the iPlanet Directory Server Configuration, Command, and File Reference at: http://docs.sun.com/source/816-5608-10/index.html.


5. Resolution

This issue is addressed in the following releases:

Sun ONE bundled with Solaris

  • Sun ONE Directory Server 5.1 bundled with Solaris 9 (SPARC Platform) with patch 113859-01 or later
  • Sun ONE Directory Server 5.1 bundled with Solaris 9 (x86 Platform) with patch 114273-01 or later

Sun ONE unbundled

  • Sun ONE Directory Server 5.1 with Service Pack 2 or later

Available at: http://wwws.sun.com/software/download/inter_ecom.html.

Note: This issue will not be addressed for Sun ONE Directory Server 5.0 or 4.1.6. An upgrade will be required to a later release.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.



Product
Sun ONE Directory Server 5.1

References

113859-01
114273-01




Attachments
This solution has no attachment