|
Note: This is an archival copy of Security Sun Alert 200717 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000568.1. |
Category Security Release Phase Resolved Sun Java System Directory Server 5.2 Bug Id 6384310 Date of Workaround Release 26-APR-2006 Date of Resolved Release 19-MAY-2006 Impact A local or remote unprivileged user may be able to prevent an LDAP server from responding to LDAP client requests. This is a Denial of Service (DoS) as LDAP clients referencing the LDAP server may experience hangs or slow performance. Users may no longer be able to login on affected LDAP client systems. This issue is also described in CVE-2006-0647 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0647 Contributing Factors This issue can occur in the following releases for all platforms (Solaris 8, 9, and 10 on Solaris SPARC and Solaris x86 Platforms, Linux, Windows, HP-UX, and AIX): Native Package Versions:
without patch 122476-01 PatchZIP (Compressed Archive) versions:
without patch 122476-01 Note: Sun ONE Directory Server 5.1 and earlier versions are not affected by this issue. To determine the version of Directory Server running on a system, the following command can be used: $ cd <installation directory>/bin/slapd/server[/64] $ ./ns-slapd -V -D <instance-directory> Symptoms Should the described issue occur, the LDAP server will no longer respond to client LDAP requests. The LDAP server process, ns-slapd, may not be running on the LDAP server. If the LDAP server process is no longer running, there may a message similar to the following about failing to calloc a random number of bytes in the error log: ERROR<5135> - Resource Limit - conn=-1 op=-1 msgId=-1 - Memory allocation error calloc of 8248 bytes failed; errno 11 Workaround There is no Workaround for this issue. To recover from an unresponsive LDAP server instance, the following command can be used to restart the LDAP server process: On UNIX systems (usually as root user): # <server instance path>/start-slapd On Windows systems, open the "Services" panel and start the service manually. Resolution This issue is addressed in the following releases for all platforms (Solaris 8, 9, and 10 on Solaris SPARC and Solaris x86 Platforms, Linux, Windows, HP-UX, and AIX):
Note: Versions previous to Sun Java System Directory Server 5 2005Q4 or Sun Java System Directory Server 5.2 Patch4 must be upgraded to these versions before applying the patch. This issue can also be addressed by upgrading to Directory Server 5.2patch5 by applying the following patches: For the Native Package Versions:
For the PatchZIP (Compressed Archive) versions:
Modification History Date: 19-MAY-2006 19-May-2006:
Date: 13-APR-2007
References122476-01121393-02 118080-12 117668-04 117667-04 117669-04 117670-04 115614-27 115615-27 121392-03 117665-04 117666-04 Attachments This solution has no attachment | |||||||||||||||
|
|