Category
Security
Release Phase
Resolved
Product
Sun Java System Directory Proxy Server 5.2
Sun Java System Directory Server 5.2
Sun ONE Directory Server 5.1
Sun ONE Administration Server 5.2 Software
Bug Id
6252097
Date of Workaround Release
22-NOV-2005
Date of Resolved Release
14-Mar-2008
A security vulnerability in the Sun ONE and Sun Java System Directory Server's HTTP administrative interface ... see below:
1. Impact
A security vulnerability in the Sun ONE and Sun Java System Directory Server's HTTP administrative interface may allow a local or remote unprivileged user the ability to kill the admin server or execute arbitrary commands on the system with the privileges of the admin server process. The admin server process normally runs as the privileged "root" user. The ability to kill the admin server is a type of Denial of Service.
This issue is described in NGSSoftware SecurityTracker Alert ID 1015014 at:
Sun acknowledges, with thanks, Peter Winter-Smith of NGSSoftware, for bringing this issue to our attention.
2. Contributing Factors
This issue can occur in the following releases:
For Packaged versions:
SPARC Platform
- Sun ONE Directory Server 5.1 SP4 and earlier (for Solaris 8, 9, and 10)
- Sun ONE Administration Server 5.2 (for Solaris 8, 9, and 10) without patch 115610-23
bundled with:
- Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) without patch 115614-26
- Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) without patch 116373-18
x86 Platform
- Sun ONE Directory Server 5.1 SP4 and earlier (for Solaris 8, 9, and 10)
- Sun ONE Administration Server 5.2 (for Solaris 9 and 10) without patch 115611-23
bundled with:
- Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) without patch 115615-26
- Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) without patch 116374-14
Linux
- Sun ONE Directory Server 5.1 SP4 and earlier
- Sun ONE Administration Server 5.2 (for RHEL2.1) without patch 118079-10
bundled with:
- Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 without patch 118080-11
- Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 without patch 118096-08
Windows
- Sun ONE Directory Server 5.1 SP4 and earlier
- Sun Java System Directory Server 5.2 2005Q1
- Sun Java System Directory Proxy Server 5.2 2005Q1
HP-UX
- Sun ONE Directory Server 5.1 SP4 and earlier
- Sun Java System Directory Server 5.2 2005Q1
AIX
- Sun ONE Directory Server 5.1 SP4 and earlier
For zip compressed archives:
Sun ONE Directory Server 5.1 SP4 and earlier
- Solaris 8, 9, and 10 on the SPARC Platform
- Solaris 8, 9 and 10 on the x86 Platform
- Linux
- Windows
- HP-UX
- AIX
Sun Java System Directory Server 5.2 (5.2 RTM ZIP or 5.2 Patch2 ZIP or 5.2 Patch3 ZIP)
- Solaris 8, 9, and 10 on the SPARC Platform without patch 117665-03
- Solaris 8, 9 and 10 on the x86 Platform without patch 117666-03
- Linux without patch 117668-03
- Windows without patch 117667-03
- HP-UX without patch 117669-03
- AIX without patch 117670-03
Sun Java System Directory Proxy Server 5.2 (5.2 RTM ZIP or 5.2 Patch2 ZIP or 5.2 Patch3 ZIP)
- Solaris 8, 9, and 10 on the SPARC Platform without patch 119162-02
- Solaris 8, 9 and 10 on the x86 Platform without patch 119163-02
- Linux without patch 119164-02
- Windows without patch 119164-02
Notes:
- "RTM" is in reference to the first release of this product.
- This issue does not occur in Sun Java System Directory Server 5 2005Q4.
3. Symptoms
If the described issue is exploited to cause a Denial of Service, the admin server may crash, making its services unavailable.
There are no reliable symptoms that would indicate the described issue has been exploited to execute arbitrary commands as root on a system.
4. Workaround
To work around the described issue, disable the HTTP admin help functionality by removing the file "help" or "help.exe" in the following directory:
<installation directory>/manual/help
5. Resolution
This issue is addressed in the following releases:
For Packaged Versions:
SPARC Platform
- Sun ONE Administration Server 5.2 (for Solaris 8, 9, and 10) with patch 115610-23 or later
- Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 115614-26 or later
- Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 116373-18 or later
x86 Platform
- Sun ONE Administration Server 5.2 (for Solaris 9 and 10) with patch 115611-23 or later
- Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 115615-26 or later
- Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 (for Solaris 8, 9, and 10) with patch 116374-14 or later
Linux
- Sun ONE Administration Server 5.2 (for RHEL2.1) with patch 118079-10 or later
- Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1 with patch 118080-11 or later
- Sun Java System Directory Proxy Server 5.2 2003Q4, 2004Q2, and 2005Q1 with patch 118096-08 or later
For zip compressed archives:
Sun Java System Directory Server 5.2 (to upgrade from 5.2 RTM ZIP or 5.2 Patch2 ZIP or 5.2 Patch3 ZIP):
- Solaris 8, 9, and 10 on the SPARC Platform with patch 117665-03 or later
- Solaris 8, 9 and 10 on the x86 Platform with patch 117666-03 or later
- Linux with patch 117668-03 or later
- Windows with patch 117667-03 or later
- HP-UX with patch 117669-03 or later
- AIX with patch 117670-03 or later
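As an added example (not part of this alert and not Sun's code), a POSIX shell check that applies the facts stated in sections 2, 4 and 5 to a Solaris SPARC host: whether the `showrev -p` patch list carries Administration Server patch 115610-23 or a later revision, and whether the help CGI that the workaround removes is still present under the installation directory. The sample `showrev -p` text, the `SUNWsample` package name and the installation path are constructed placeholders, not captured values.

```shell
#!/bin/sh
# Added example, not from the Sun Alert: checks a Solaris SPARC host against
# two facts stated in the alert, the required Administration Server patch
# (115610-23 or later) and the workaround of removing the help CGI from
# <installation directory>/manual/help.

# Succeed when $2 (text in the "Patch: <base>-<rev> ..." line format that
# `showrev -p` prints) carries $1's base at $1's revision or higher. Sun
# patch ids are "<base>-<rev>"; a later revision supersedes an earlier one.
has_patch_at_least() {
    required=$1
    patch_list=$2
    base=${required%-*}
    need_rev=${required##*-}
    # Several revisions of one base may be listed; compare against the highest.
    best=$(printf '%s\n' "$patch_list" \
        | sed -n "s/^Patch: ${base}-\([0-9]*\) .*/\1/p" \
        | sort -n | tail -n 1)
    [ -n "$best" ] && [ "$best" -ge "$need_rev" ]
}

# Succeed when the help CGI named in the workaround still exists under the
# Administration Server installation directory $1.
help_cgi_present() {
    [ -e "$1/manual/help/help" ] || [ -e "$1/manual/help/help.exe" ]
}

# Constructed sample of `showrev -p` output (not captured from a real host):
# an older Administration Server patch plus the current Directory Server patch.
SAMPLE_SHOWREV='Patch: 115610-19 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWsample
Patch: 115614-26 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWsample'

# Report both checks. On a live host replace SAMPLE_SHOWREV with the output of
# `showrev -p` and pass the real installation directory as the first argument.
report() {
    install_dir=${1:-/path/to/admin-server}   # placeholder, not a real path
    if has_patch_at_least 115610-23 "$SAMPLE_SHOWREV"; then
        echo "115610-23 or later: installed"
    else
        echo "115610-23 or later: missing"
    fi
    if help_cgi_present "$install_dir"; then
        echo "help CGI present: workaround not applied"
    else
        echo "help CGI absent: workaround applied or product not installed here"
    fi
}

report "$@"
```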
Modification History
14-Mar-2008: there will be no further resolutions to this issue. Resolved.
References
115614-26
115615-26
117665-03
117666-03
117668-03
117667-03
117669-03
117670-03