Note: This is an archival copy of Security Sun Alert 261688 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020611.1.
Category: Security
Release Phase: Resolved
6844490
Product:
  OpenSSO Enterprise 8.0
  Sun Java System Access Manager 7.1
  Sun Java System Access Manager 7 2005Q4
  Sun Java System Access Manager 6 2005Q1
Date of Resolved Release: 05-Aug-2009

A Security Vulnerability in OpenSSO Enterprise and Sun Java System Access Manager May Cause Denial of Service (DoS)

1. Impact

A security vulnerability in OpenSSO Enterprise 8.0 or Sun Java System Access Manager may allow a local or remote user to hang or cause memory corruption in the server process by sending specially crafted XML documents, resulting in a Denial of Service (DOS).

This issue is related to the vulnerabilities described in the following documents:

CVE-2008-3529 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
CVE-2008-4225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
CVE-2008-4226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
    % pkginfo -l SUNWamsvc || echo "Sun Java Access Manager not installed"

To determine the version of Sun Java System Access Manager on other systems, the following command can be run:

    $ <access-manager-install-dir>/bin/amadmin --version

(where <access-manager-install-dir> is the installation directory of the Sun Java System Access Manager).

To determine the version of OpenSSO on other systems, the following command can be run:

    $ <tools-zip-root>/<deploy_uri>/bin/ssoadm --version

(where <tools-zip-root> is the directory where the file ssoAdminTools.zip was originally uncompressed and <deploy_uri> is the name of the OpenSSO Enterprise deployment URI. For example: "opensso").

3. Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.

4. Workaround

There is no workaround for this issue. Please see the Resolution section below.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform
This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.

This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

References

140504-03 141655-02 126356-03 126357-03 126358-03 126359-03 119466-17 119467-17 119502-17 120954-10 120955-10 120956-10 124296-10 126371-10