Credit:
The information has been provided by iDefense.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=491
Vulnerable Systems:
* Sun Java System Directory Server version 5.2 2005Q4.
* Previous versions are also suspected to be vulnerable.
Due to a design error in the clean-up code following certain types of failed queries, it is possible to cause the server to call the free() function on an address obtained from uninitialized memory. This can result in an invalid memory reference leading to denial of service.
Exploitation of this vulnerability allows remote attackers to cause a denial of service against the affected server, 'ns-slapd'.
In some situations it may be possible to place data supplied by the remote attacker in the memory range being accessed, which may allow execution of code; however, this has not yet been demonstrated.
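The bug class described above, as an added illustration that is not iDefense's or Sun's code: a cleanup path that calls free() on fields of a structure that was never initialised, next to the form that sets them to NULL first. The `query` structure, the function names and the validation rules are hypothetical, and the actual ns-slapd code path is not shown in the advisory.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical request state; illustrative only, not ns-slapd code. */
struct query { char *base; char *filter; };

static int released;            /* non-NULL buffers freed, for the demo */

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL) memcpy(p, s, n);
    return p;
}

static void release(char *p) {
    if (p != NULL) released++;
    free(p);                    /* free(NULL) is a defined no-op */
}

#if 0   /* Vulnerable shape, shown for contrast and never compiled. */
int handle_query_unsafe(const char *base, const char *filter) {
    struct query q;             /* fields hold indeterminate stack bytes */
    int rc = -1;
    if (*base == '\0') goto cleanup;    /* failed query: nothing assigned */
    q.base = dup_str(base);
    q.filter = dup_str(filter);
    rc = 0;
cleanup:
    free(q.base);               /* frees an uninitialised address on failure */
    free(q.filter);
    return rc;
}
#endif

/* Hardened shape: cleanup only ever sees NULL or a pointer we allocated. */
int handle_query(const char *base, const char *filter) {
    struct query q = { NULL, NULL };
    int rc = -1;
    if (base == NULL || *base == '\0') goto cleanup;      /* empty base */
    if ((q.base = dup_str(base)) == NULL) goto cleanup;
    if (filter == NULL || *filter != '(') goto cleanup;   /* malformed filter */
    if ((q.filter = dup_str(filter)) == NULL) goto cleanup;
    rc = 0;
cleanup:
    release(q.base);
    release(q.filter);
    return rc;
}
```

Compiler warnings such as `-Wmaybe-uninitialized` and runs under MemorySanitizer or Valgrind flag the unsafe shape when the failure path is exercised.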
Workaround:
Restrict remote access at the network boundary, unless remote parties require service. Access to the affected host should be filtered at the network boundary if global accessibility is not required. Restricting access to only trusted hosts and networks may reduce the likelihood of exploitation.
Vendor Status:
Sun Microsystems Inc. has addressed this issue in Sun Java System Directory Server 5.2 Patch5.
For more information see Sun Alert ID 102853.
CVE Information:
CVE-2006-4175
Disclosure Timeline:
* 08/16/2006 - Initial vendor notification
* 08/21/2006 - Initial vendor response
* 03/23/2007 - Coordinated public disclosure