Sun Java System Directory Server Denial of Service Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	01/15/2009
Severity:	High
Applications Affected:	Sun Java Directory Server 7.0
Type:	Remote
Identifiers:	CVE-2010-0313

Synopsis

Sun Java Directory Server Enterprise Edition is prone to remote denial of service Vulnerability, which could be exploited to cause denial of service condition in security context of logged-in user.

Recommended Actions

Allow only trusted users.

Threat Analysis

The Java System Directory Server is a component of the Java Enterprise System. Previous version of Sun Java System Directory Server was identified as Sun ONE Directory Server.It provides the most scalable, high-performance LDAP data storage, flexibility and supports a variety of access protocols.

Sun Java Directory Server Enterprise Edition is prone to remote denial of service Vulnerability.This vulnerability exists due to a NULL pointer dereference error in the core_get_proxyauth_dn() function. Successful exploitation could allow remote attackers to cause the target ns-slapd service to crash, resulting in denial of service condition.

References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0313
http://www.securityfocus.com/bid/37699
http://www.vupen.com/english/advisories/2010/0085

Write-up by: Gaurav Bajpai