Note: This is an archival copy of Security Sun Alert 200512 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000389.1.
Article ID : 1000389.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

The Sun ONE and Sun Java System Directory Servers Contain a Buffer Overflow in the Access Control Implementation for LDAP Requests



Category
Security

Release Phase
Resolved

Bug Id
6182428

Date of Resolved Release
13-APR-2005

Impact

A local or remote unprivileged user may be able to execute arbitrary commands on a vulnerable LDAP server with the privileges of the LDAP process, or terminate the LDAP process, resulting in a Denial of Service (DoS).

This issue is described in CERT Vulnerability Note VU#258905 at http://www.kb.cert.org/vuls/id/258905.


Contributing Factors

This issue can occur in the following releases:

Sun ONE Directory Server 5.1

  • SP3 and earlier (for Solaris 8, 9, and 10 on Solaris SPARC and Solaris x86 Platforms, Linux, Windows, HP-UX, and AIX)

Sun Java System Directory Server 5.2

  • without patch 115614-20 (for Solaris 8, 9, and 10 on the SPARC Platform)
  • without patch 115615-20 (for Solaris 8, 9, and 10 on the x86 Platform)
  • without patch 118080-05 (for Linux)

Or, the PatchZIP version of Sun Java System Directory Server 5.2 (5.2 RTM ZIP or 5.2 Patch2 ZIP):

  • without patch 117665-02 (for Solaris 8, 9, and 10 on the SPARC Platform)
  • without patch 117666-02 (for Solaris 8, 9 and 10 on the x86 Platform)
  • without patch 117668-02 (for Linux)
  • without patch 117667-02 (for Windows)
  • without patch 117669-02 (for HP-UX)
  • without patch 117670-02 (for AIX)

Notes:

  1. "RTM" is in reference to the first release of this product.
  2. This issue does not occur in Sun Java System Directory Server 2005Q1.

Symptoms

If the LDAP process is not running, users whose accounts are managed by the LDAP server may not be able to log in, and related LDAP commands such as ldapsearch(1) may no longer work. The ldap(1) utilities will output error messages similar to the following to the console:

    can't connect to the LDAP server - connection refused

Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

Sun ONE Directory Server 5.1

  • SP4 and later (for Solaris 8, 9, and 10 on Solaris SPARC and Solaris x86 Platforms, Linux, Windows, HP-UX, and AIX)

Sun ONE Directory Server 5.1 SP4 can be downloaded from http://www.sun.com/download/products.xml?id=42155636

Sun Java System Directory Server 5.2 with the patches listed on the following platforms:

  • with patch 115614-20 or later (for Solaris 8, 9, and 10 on the SPARC Platform)
  • with patch 115615-20 or later (for Solaris 8, 9, and 10 on the x86 Platform)
  • with patch 118080-05 or later (for Linux)

Or, if upgrading from the PatchZIP version of Sun Java System Directory Server 5.2 (to upgrade from 5.2 RTM ZIP or 5.2 Patch2 ZIP):

  • with patch 117665-02 or later (for Solaris 8, 9, and 10 on the SPARC Platform)
  • with patch 117666-02 or later (for Solaris 8, 9, and 10 on the x86 Platform)
  • with patch 117668-02 or later (for Linux)
  • with patch 117667-02 or later (for Windows)
  • with patch 117669-02 or later (for HP-UX)
  • with patch 117670-02 or later (for AIX)
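To verify that a Solaris host already carries the required Directory Server 5.2 patch revision, the following script (an added example, not part of the Sun Alert or of the Directory Server product) parses the output of showrev -p; the patch ids and minimum revisions are the ones listed above, while the platform names, file names and the sample showrev output are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert: check whether a host has the
# Sun Java System Directory Server 5.2 patch revision this alert requires,
# using the output of 'showrev -p', which prints one "Patch: <id>-<rev> ..."
# line per installed patch. Patch ids/revisions come from the Resolution
# section; platform names, file names and sample output are constructed.

# required_patch PLATFORM -> prints "<id> <minrev>" for the packaged 5.2 install
required_patch() {
    case $1 in
        sparc) echo "115614 20" ;;   # Solaris SPARC
        x86)   echo "115615 20" ;;   # Solaris x86
        linux) echo "118080 05" ;;   # Linux
        *)     return 1 ;;           # platform not covered by this list
    esac
}

# has_patch_rev FILE ID MINREV -> 0 if FILE lists patch ID at revision >= MINREV.
# Revisions are compared numerically so "05" and "20" sort as intended.
has_patch_rev() {
    awk -v id="$2" -v minrev="$3" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == id && (p[2] + 0) >= (minrev + 0)) found = 1
        }
        END { if (found) exit 0; exit 1 }' "$1"
}

# ds52_patched FILE PLATFORM -> 0 patched, 1 missing or too old, 2 unknown platform
ds52_patched() {
    req=$(required_patch "$2") || return 2
    has_patch_rev "$1" $req
}

# Constructed 'showrev -p' samples (placeholder package names, not real hosts).
SAMPLE_OLD=${TMPDIR:-/tmp}/showrev_old.$$
SAMPLE_NEW=${TMPDIR:-/tmp}/showrev_new.$$
trap 'rm -f "$SAMPLE_OLD" "$SAMPLE_NEW"' EXIT
cat > "$SAMPLE_OLD" <<'EOF'
Patch: 115614-19 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 100000-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
EOF
cat > "$SAMPLE_NEW" <<'EOF'
Patch: 115614-21 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
EOF

for f in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    if ds52_patched "$f" sparc; then echo "$f: 115614-20 or later present"
    else echo "$f: needs 115614-20 or later (Sun Alert 200512)"; fi
done
```

On a real host, capture the live output first (showrev -p > /tmp/showrev.out) and pass that file with the host's platform name; the PatchZIP installs use the 117665 to 117670 patch ids instead of the packaged ones.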


Product
Sun Java System Directory Server 5.2

References

118080-05
115614-20
115615-20
117665-02
117666-02
117667-02
117668-02
117669-02
117670-02
