Note: This is an archival copy of Security Sun Alert 201785 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001323.1.
Category: Security
Category: Availability
Release Phase: Resolved
Sun Java Enterprise System 2003Q4
Sun Java Enterprise System 2005Q1
Sun Java Enterprise System 2004Q2
Bug Id: 6421471
Date of Workaround Release: 13-JUN-2006
Date of Resolved Release: 17-JUL-2006

Impact

A local or remote unprivileged user may be able to cause systems which have installed the Sun Java Enterprise System (JES) along with the patches listed below in Section 2 to become unresponsive or hang. This is a Denial of Service (DoS) due to a memory leak in the Network Security Services (NSS) software which is used by many of the Sun Java Enterprise System components such as the Sun Java System Application Server, the Sun Java System Web Server, and the Sun Java System Portal Server.

NSS is an open source project which adds support for SSL, S/MIME, and other Internet security standards to the Sun Java Enterprise System. Further information about NSS can be found at http://www.mozilla.org/projects/security/pki/nss/

This issue is also described in CVE-2006-3127 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3127

Contributing Factors

This issue can occur in the following releases:

SPARC Platform
x86 Platform
Linux Platform
Notes:
To determine if the NSS packages are installed on a system, the following command can be run:

    % pkginfo SUNWtls

To determine the version of NSS on a system, the following command can be run:

    % pkgparam SUNWtls SUNW_PRODVERS

Symptoms

The system will become unresponsive and "hang". Applications on the system, such as Sun Java System Application Server or Sun Java System Web Server, will no longer respond to client requests.

Workaround

To work around the described issue, back out whichever of the following patches is necessary (119209-07, 119211-07, 119212-07, 119213-07, 119214-07, 121656-07), according to which operating system version is installed.

Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform
Linux Platform
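
An added example (not part of the original Sun Alert): a check for the patch revisions named in the Workaround section, matching only the "Patch:" field of each record so that an ID appearing in an "Obsoletes:" list is not mistaken for an installed patch. It assumes Solaris `showrev -p` style output on stdin; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Patch revisions named in the advisory's Workaround section.
AFFECTED="119209-07 119211-07 119212-07 119213-07 119214-07 121656-07"

# find_affected_patches (hypothetical helper): read `showrev -p` style
# records on stdin and print, one per line, every installed patch ID that
# the Workaround section names.
find_affected_patches() {
    # Each record starts "Patch: <id>-<rev> Obsoletes: ...". Only field 2
    # is the installed patch; IDs later on the line are obsoleted or
    # required patches and must not be counted.
    installed=$(awk '$1 == "Patch:" { print $2 }')
    for wanted in $AFFECTED; do
        for have in $installed; do
            if [ "$have" = "$wanted" ]; then
                echo "$wanted"
            fi
        done
    done
}

# sample_showrev: constructed sample records, not output from a real host.
sample_showrev() {
    cat <<'EOF'
Patch: 119211-07 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWtls
Patch: 119209-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWtls
Patch: 000000-01 Obsoletes: 119213-07 Requires:  Incompatibles:  Packages: SUNWexample
EOF
}

# Demonstration on the constructed sample; on a real system, pipe the
# output of `showrev -p` into find_affected_patches instead.
sample_showrev | find_affected_patches
```

In the sample only 119211-07 is reported: 119209-08 is a different revision, and 119213-07 appears only in an "Obsoletes:" field.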

Modification History

Date: 17-JUL-2006
Date: 19-JUL-2006
Date: 21-JUL-2006

References

119209-08
119211-08
119212-08
119213-08
119214-08
121656-08

Attachments

This solution has no attachment