Note: This is an archival copy of Security Sun Alert 228419 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017357.1.
Article ID : 1017357.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2008-03-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Sun ONE and Sun Java System Directory Server's and the Sun Java System Directory Proxy Server's HTTP Administrative Interface
Category
Security

Release Phase
Resolved

Product
Sun Java System Directory Proxy Server 5.2
Sun Java System Directory Server 5.2
Sun ONE Directory Server 5.1
Sun ONE Administration Server 5.2 Software

Bug Id
6252097

Date of Workaround Release
22-NOV-2005

Date of Resolved Release
14-Mar-2008

A security vulnerability in the Sun ONE and Sun Java System Directory Server's HTTP administrative interface ... see below:

1. Impact

A security vulnerability in the Sun ONE and Sun Java System Directory Server's HTTP administrative interface may allow a local or remote unprivileged user to kill the admin server or to execute arbitrary commands on the system with the privileges of the admin server process. The admin server process normally runs as the privileged "root" user. The ability to kill the admin server is a type of Denial of Service.

This issue is described in NGSSoftware SecurityTracker Alert ID 1015014 at:

Sun acknowledges, with thanks, Peter Winter-Smith of NGSSoftware, for bringing this issue to our attention.


2. Contributing Factors

This issue can occur in the following releases:

For Packaged versions:

SPARC Platform

  • Sun ONE Directory Server 5.1 SP4 and earlier (for Solaris 8, 9, and 10)
  • Sun ONE Administration Server 5.2 (for Solaris 8, 9, and 10) without patch 115610-23

bundled with:

  • Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) without patch 115614-26
  • Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) without patch 116373-18

x86 Platform

  • Sun ONE Directory Server 5.1 SP4 and earlier (for Solaris 8, 9, and 10)
  • Sun ONE Administration Server 5.2 (for Solaris 9 and 10) without patch 115611-23

bundled with:

  • Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) without patch 115615-26
  • Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) without patch 116374-14

Linux

  • Sun ONE Directory Server 5.1 SP4 and earlier
  • Sun ONE Administration Server 5.2 (for RHEL2.1) without patch 118079-10

bundled with:

  • Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 without patch 118080-11
  • Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 without patch 118096-08

Windows

  • Sun ONE Directory Server 5.1 SP4 and earlier
  • Sun Java System Directory Server 5.2 2005Q1
  • Sun Java System Directory Proxy Server 5.2 2005Q1

HP-UX

  • Sun ONE Directory Server 5.1 SP4 and earlier
  • Sun Java System Directory Server 5.2 2005Q1

AIX

  • Sun ONE Directory Server 5.1 SP4 and earlier

For zip compressed archives:

Sun ONE Directory Server 5.1 SP4 and earlier

  • Solaris 8, 9, and 10 on the SPARC Platform
  • Solaris 8, 9 and 10 on the x86 Platform
  • Linux
  • Windows
  • HP-UX
  • AIX

Sun Java System Directory Server 5.2 (5.2 RTM ZIP or 5.2 Patch2 ZIP or 5.2 Patch3 ZIP)

  • Solaris 8, 9, and 10 on the SPARC Platform without patch 117665-03
  • Solaris 8, 9 and 10 on the x86 Platform without patch 117666-03
  • Linux without patch 117668-03
  • Windows without patch 117667-03
  • HP-UX without patch 117669-03
  • AIX without patch 117670-03

Sun Java System Directory Proxy Server 5.2 (5.2 RTM ZIP or 5.2 Patch2 ZIP or 5.2 Patch3 ZIP)

  • Solaris 8, 9, and 10 on the SPARC Platform without patch 119162-02
  • Solaris 8, 9 and 10 on the x86 Platform without patch 119163-02
  • Linux without patch 119164-02
  • Windows without patch 119164-02

Notes:

  1. "RTM" refers to the first release of this product.
  2. This issue does not occur in Sun Java System Directory Server 5 2005Q4.

3. Symptoms

If the described issue is exploited to cause a Denial of Service, the admin server may crash, making its services unavailable.

There are no reliable symptoms that would indicate the described issue has been exploited to execute arbitrary commands as root on a system.


4. Workaround

To work around the described issue, disable the HTTP admin help functionality by removing the file "help" or "help.exe" in the following directory:

    <installation directory>/manual/help

5. Resolution

This issue is addressed in the following releases:

For Packaged Versions:

SPARC Platform

  • Sun ONE Administration Server 5.2 (for Solaris 8, 9, and 10) with patch 115610-23 or later
  • Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 115614-26 or later
  • Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 116373-18 or later

x86 Platform

  • Sun ONE Administration Server 5.2 (for Solaris 9 and 10) with patch 115611-23 or later
  • Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 115615-26 or later
  • Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 116374-14 or later

Linux

  • Sun ONE Administration Server 5.2 (for RHEL2.1) with patch 118079-10 or later
  • Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 with patch 118080-11 or later
  • Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 with patch 118096-08 or later

For zip compressed archives:

Sun Java System Directory Server 5.2 (to upgrade from 5.2 RTM ZIP or 5.2 Patch2 ZIP or 5.2 Patch3 ZIP):

  • Solaris 8, 9, and 10 on the SPARC Platform with patch 117665-03 or later
  • Solaris 8, 9 and 10 on the x86 Platform with patch 117666-03 or later
  • Linux with patch 117668-03 or later
  • Windows with patch 117667-03 or later
  • HP-UX with patch 117669-03 or later
  • AIX with patch 117670-03 or later
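
The following shell script is an added example and is not part of this Sun Alert or of Sun's software. It gives an administrator a single check for a Solaris host against both section 4 and section 5 above: it reports whether each required patch (for example 115614-26) is installed at that revision or later, and whether the workaround of removing the HTTP admin help program from <installation directory>/manual/help is in place. It assumes the patch inventory is in the line format printed by showrev -p; the inventory embedded in the script is constructed sample data, the report function is this example's own, and the installation directory passed in the sample run is a placeholder.

```shell
#!/bin/sh
# Added example, not part of Sun Alert 228419: check whether a Solaris host is
# still exposed, using the patch revisions and the workaround the alert lists.
#
# Assumptions (not taken from the alert):
#   - the patch inventory is in `showrev -p` line format, e.g.
#     "Patch: 115614-26 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWdsvu"
#   - the Directory Server installation directory is passed in as an argument
# The inventory below is CONSTRUCTED sample data, not captured from a real host.

SAMPLE_SHOWREV='Patch: 115610-23 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWasvu
Patch: 115614-21 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWdsvu
Patch: 116373-18 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWdpsvu'

# installed_rev BASE SHOWREV_OUTPUT
# Prints the highest installed revision of patch BASE (e.g. 115614), or nothing
# when the patch is absent. A later revision of the same base supersedes earlier ones.
installed_rev() {
    printf '%s\n' "$2" | awk -v base="$1" '
        $1 == "Patch:" {
            split($2, id, "-")
            if (id[1] == base && (id[2] + 0) > best) best = id[2] + 0
        }
        END { if (best > 0) printf "%d\n", best }'
}

# patch_satisfied PATCH_ID SHOWREV_OUTPUT
# Returns 0 when PATCH_ID (e.g. 115614-26) or a later revision is installed.
patch_satisfied() {
    base=${1%-*}
    required=${1#*-}
    have=$(installed_rev "$base" "$2")
    [ -n "$have" ] && [ "$have" -ge "$required" ]
}

# workaround_applied INSTALL_DIR
# Returns 0 when the manual/help directory exists and neither "help" nor
# "help.exe" is present in it, i.e. the section 4 workaround has been applied.
workaround_applied() {
    [ -d "$1/manual/help" ] &&
        [ ! -e "$1/manual/help/help" ] &&
        [ ! -e "$1/manual/help/help.exe" ]
}

# report INSTALL_DIR SHOWREV_OUTPUT PATCH_ID...
# Prints one line per required patch plus the workaround state. Returns 0 when
# every listed patch is at the resolved revision or later, or when the
# workaround is in place; otherwise returns 1.
report() {
    dir=$1; inv=$2; shift 2
    status=0
    for id in "$@"; do
        if patch_satisfied "$id" "$inv"; then
            echo "patch $id: installed at required revision or later"
        else
            echo "patch $id: MISSING or below required revision"
            status=1
        fi
    done
    if workaround_applied "$dir"; then
        echo "workaround: help program absent from $dir/manual/help"
        status=0
    else
        echo "workaround: not in place ($dir/manual/help missing or help program present)"
    fi
    return $status
}

# Sample run against the constructed inventory, using the SPARC packaged-version
# patch IDs from section 5. The installation directory is a placeholder.
report /opt/PLACEHOLDER-install-dir "$SAMPLE_SHOWREV" 115610-23 115614-26 116373-18 || true
```

On a real host, replace the embedded sample with "$(showrev -p)" and pass the actual installation directory; the x86, Linux and zip-archive patch IDs from section 5 can be given to report in place of the SPARC ones.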

Modification History
14-Mar-2008: there will be no further resolutions to this issue. Resolved.


References

115614-26
115615-26
117665-03
117666-03
117668-03
117667-03
117669-03
117670-03
Attachments
This solution has no attachment