Note: This is an archival copy of Security Sun Alert 201066 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000789.1.
Article ID : 1000789.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-05-02
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Sun Java System Directory Server May Cause Denial of Service (DoS)

Category
Security

Release Phase
Resolved

Product
Sun Java System Directory Server 5.2
Sun Java System Directory Server Enterprise Edition
Sun ONE Directory Server 5.1

Bug Id
6421049

Date of Resolved Release
01-MAY-2007

Impact

A local or remote unprivileged user may be able to cause the Sun Java System Directory Server to crash. This is a Denial of Service (DoS) due to a "Ber decoding" issue in the LDAP Software Development Kit (SDK) for C.


Contributing Factors

This issue can occur in the following releases for all platforms (Solaris 8, 9, and 10 on Solaris SPARC and Solaris x86 Platforms, Linux, Windows, HP-UX, and AIX):

Native Package Versions:

  • Sun Java System Directory Server 5 2003Q4 (5.2)
  • Sun Java System Directory Server 5 2004Q2 (5.2 Patch 2)
  • Sun Java System Directory Server 5 2005Q1 (5.2 Patch 3)
  • Sun Java System Directory Server 5 2005Q4 (5.2 Patch 4)

PatchZIP (Compressed Archive) versions:

  • Sun ONE Directory Server 5.1
  • Sun Java System Directory Server 5.2
  • Sun Java System Directory Server 5.2 Patch 2
  • Sun Java System Directory Server 5.2 Patch 3
  • Sun Java System Directory Server 5.2 Patch 4

without Sun Java System Directory Server version 5.2 Patch 5 (see "Resolution" section).

To determine the version of Directory Server running on a system, the following command can be used:

    $ cd <installation directory>/bin/slapd/server[/64]
    $ ./ns-slapd -V -D <instance-directory>

Symptoms

Should the described issue occur, the Directory Server will crash with a message in the error log similar to the following (the malloc() bytes vary):

    [03/May/2006:08:44:30 +0200] - ERROR<5130> - Resource Limit - conn=-1 op=-1 msgId=-1-
    Memory allocation error  malloc of 1879048193 bytes failed; errno 11
    The server has probably allocated all available virtual memory. To solve this problem, make
    more virtual memory available to your server, or reduce the size of the server's `Maximum
    Entries in Cache' (cachesize) or `Maximum DB Cache Size' (dbcachesize) parameters.
    can't recover; calling exit(1)

Workaround

There is no workaround for this issue. Please see Resolution section below.


Resolution

This issue is addressed in the following releases for all platforms (Solaris 8, 9, and 10 on Solaris SPARC and Solaris x86 Platforms, Linux, Windows, HP-UX, and AIX):

Native Packages versions:

Sun Java System Directory Server 5.2 Patch 5 (or later), as delivered in the following:

  • Solaris SPARC: 116837-03, 115614-27, 115610-24
  • Solaris X86: 116838-03, 115615-27, 115611-24
  • Linux: 118353-03, 118080-12, 118079-11

PatchZIP (Compressed Archive) Versions:

Sun Java System Directory Server 5.2 Patch 5 (or later), as delivered in the following:

  • Solaris SPARC: 117665-04
  • Solaris x86: 117666-04
  • Linux: 117668-04
  • Windows: 117667-04
  • HP-UX: 117669-04
  • AIX: 117670-04

To correct this issue for Sun ONE Directory Server 5.1, users should upgrade to version 5.2 and install the resolution listed above.

Note: A fix for this issue is included in LDAP C SDK 5.18 (to be installed with 5.2 Patch 5.



References

116837-03
115614-27
115610-24
116838-03
115615-27
115611-24
118353-03
118080-12
118079-11
117668-04
117667-04
117669-04
117670-04
117665-04
117666-04




Attachments
This solution has no attachment