[NEWS] Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com



Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design
Error Vulnerability
------------------------------------------------------------------------


SUMMARY

Sun Java System Directory Server
<http://www.sun.com/software/products/directory_srvr/home_directory.xml>
is "an LDAP server distributed by Sun with multiple products".

Remote exploitation of a design error vulnerability in Sun Microsystems
Inc.'s Java System Directory Server 5.2 may cause a denial of service
(DoS) condition.

DETAILS

Vulnerable Systems:
* Sun Java System Directory Server version 5.2 2005Q4.
* Previous versions are also suspected to be vulnerable.

Due to a design error in the clean-up code following certain types of
failed queries, it is possible to cause the server to call the free()
function on an address obtained from uninitialized memory. This can result
in an invalid memory reference leading to denial of service.
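
The bug class described above, as an added C example. It is not Sun's code and not part of the original advisory. The structure, function names and the two-field request are hypothetical and show only how a shared clean-up path can reach free() with a pointer that was never written, next to the corrected form.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-request state; names are illustrative, not ns-slapd's. */
struct search_op { char *base; char *filter; };

/* Copy one request field; an absent or empty field is a parse failure. */
static char *dup_field(const char *s) {
    if (s == NULL || *s == '\0') return NULL;
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL) memcpy(p, s, n);
    return p;
}

/* Shared clean-up: frees every field, however far parsing got. */
static void op_cleanup(struct search_op *op) {
    free(op->base);
    free(op->filter);   /* indeterminate if the field was never written */
    free(op);
}

/* Parse into op, then always run the clean-up; 0 on success, -1 on failure. */
static int parse_and_cleanup(struct search_op *op, const char *base,
                             const char *filter) {
    int rc = -1;
    op->base = dup_field(base);
    if (op->base != NULL) {            /* on failure, filter is never set */
        op->filter = dup_field(filter);
        if (op->filter != NULL) rc = 0;
    }
    op_cleanup(op);
    return rc;
}

/* BEFORE: malloc() leaves op->filter indeterminate, so a rejected base sends
 * garbage to free(). Undefined behaviour; shown for contrast, never called. */
int handle_search_vulnerable(const char *base, const char *filter) {
    struct search_op *op = malloc(sizeof *op);
    return op == NULL ? -1 : parse_and_cleanup(op, base, filter);
}

/* AFTER: every pointer the clean-up frees starts as NULL; free(NULL) is a no-op. */
int handle_search_fixed(const char *base, const char *filter) {
    struct search_op *op = malloc(sizeof *op);
    if (op == NULL) return -1;
    op->base = op->filter = NULL;
    return parse_and_cleanup(op, base, filter);
}
```
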

Exploitation of this vulnerability allows remote attackers to cause a
denial of service against the affected server, 'ns-slapd'.

In some situations it may be possible to place data supplied by the remote
attacker in the memory range being accessed, which may allow execution of
code; however, this has not yet been demonstrated.

Workaround:
Restrict remote access at the network boundary, unless remote parties
require service. Access to the affected host should be filtered at the
network boundary if global accessibility is not required. Restricting
access to only trusted hosts and networks may reduce the likelihood of
exploitation.

Vendor Status:
Sun Microsystems Inc. has addressed this issue in Sun Java System
Directory Server 5.2 Patch5.
For more information see Sun Alert ID 102853:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-102853-1>

CVE Information:
CVE-2006-4175
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4175>

Disclosure Timeline:
* 08/16/2006 - Initial vendor notification
* 08/21/2006 - Initial vendor response
* 03/23/2007 - Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by iDefense.
The original article can be found at:

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=491>


