[Sec-cert] [Sun] Vulnerability in the Sun Java System Directory Server - Sun Alert 275711

WiN Site Security Contacts win-sec-ssc at lists.dfn-cert.de
Fri Jan 22 09:00:07 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleagues,

We have just received the following Sun Security Advisory. We are
forwarding this information to you unchanged.

Sun Bug ID 6915746 - Denial of service vulnerability in the Sun Java
System Directory Server

  The Sun Java System Directory Server (ns-slapd and slapd.exe) contains
  a vulnerability, not described in further detail, that allows a remote
  attacker to crash the server by sending suitably crafted LDAP search
  requests to the system (denial of service).

You can recognise the presence of the vulnerability as follows:

  If the vulnerability is exploited and the system is configured to
  write core dumps, the core dump shows the following stack trace:

  parse_LDAPProxyAuth ()
  core_get_proxyauth_dn ()
  common_core_set_pb ()
  search_core_set_pb ()
  ldap_decode_search ()
  ldap_parse_request ()
  process_ldap_operation_using_core_api ()
  ldap_frontend_main_using_core_api ()


The following software packages and platforms are affected:

  Solaris 9 and 10 on SPARC, x86 and x64 platforms, as well as Linux,
  Windows and HP-UX:
  PatchZIP (Compressed Archive) and Native Package versions:
   * Sun Java System Directory Server Enterprise Edition 6.3.1
   * Sun Java System Directory Server Enterprise Edition 6.3
   * Sun Java System Directory Server Enterprise Edition 6.2
   * Sun Java System Directory Server Enterprise Edition 6.1
   * Sun Java System Directory Server Enterprise Edition 6.0

  Solaris 9 and 10 on SPARC, x86 and x64 platforms, as well as Linux,
  Windows, AIX and HP-UX:
  PatchZIP (Compressed Archive) and Native Package versions:
   * Sun Java System Directory Server 5.2

  Solaris 9 and 10 on SPARC, x86 and x64 platforms
  Linux
  Windows
  AIX
  HP-UX

The vendor provides revised packages.

Vendor advisory:
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-275711-1


(c) for the German summary held by DFN-CERT Services GmbH;
redistribution, including in excerpts, is permitted only with
attribution to the author, DFN-CERT Services GmbH, and only for
non-commercial purposes.

Kind regards,
		Klaus Moeller, DFN-CERT

- -- 
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Registered office / register: Hamburg, AG Hamburg, HRB 88805,  VAT ID:  DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

17th DFN Workshop   "Sicherheit in vernetzten Systemen"    09./10.02.2010
Information at https://www.dfn-cert.de/veranstaltungen/workshop.html

Alert URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-275711-1
Sun Security Alert: 275711

   Security Vulnerability in the Sun Java System Directory Server May
   Allow Crafted LDAP Search Requests To Cause A Denial Of Service (DoS)
   Condition
    __________________________________________________________________

   Category : Security
   Release Phase : Preliminary
   Bug Id : 6915746
   Product : Sun Directory Server Enterprise Edition
   Sun Java System Directory Server Enterprise Edition 6.3
   Sun Java System Directory Server Enterprise Edition 6.2
   Sun Java System Directory Server Enterprise Edition 6.1
   Sun Java System Directory Server Enterprise Edition 6.0
   Sun Java System Directory Server 5.2

   1. Impact
   A security vulnerability in the Sun Java System Directory Server
   (ns-slapd and slapd.exe) may allow a remote unprivileged user to crash
   the Directory Server process via crafted LDAP search requests, thereby
   leading to a Denial of Service (DoS) condition.
   2. Contributing Factors
   This issue can occur in the following releases for Solaris 9 and 10 on
   SPARC platform, Solaris 10 on x64 platform, Linux, Windows, and HP-UX:
   PatchZIP (Compressed Archive) and Native package versions:
     * Sun Directory Server Enterprise Edition 7.0

   This issue can occur in the following releases for Solaris 9 and 10 on
   SPARC, x86 and x64 platforms, Linux, Windows, and HP-UX:
   PatchZIP (Compressed Archive) and Native package versions:
     * Sun Java System Directory Server Enterprise Edition 6.3.1
     * Sun Java System Directory Server Enterprise Edition 6.3
     * Sun Java System Directory Server Enterprise Edition 6.2
     * Sun Java System Directory Server Enterprise Edition 6.1
     * Sun Java System Directory Server Enterprise Edition 6.0

   This issue can occur in the following releases for Solaris 9 and 10 on
   SPARC, x86 and x64 platforms, Linux, Windows, AIX and HP-UX:
   PatchZIP (Compressed Archive) and Native package versions:
     * Sun Java System Directory Server 5.2

   To determine the version of Directory Server running on a system, the
   following command can be run:
   For Directory Server 5.2:
   On Solaris, Linux, AIX and HP-UX systems:
$ cd <installation directory>/bin/slapd/server
$ ./ns-slapd -V -D <instance-directory>

   On 64-bit Solaris:
$ cd <installation directory>/bin/slapd/server/64
$ ./ns-slapd -V -D <instance-directory>

   On 64-bit HP-UX:
$ cd <installation directory>/bin/slapd/server/pa20_64
$ ./ns-slapd -V -D <instance-directory>

   On Windows systems:
cd <installation directory>\bin\slapd\server
slapd.exe -V -D <instance-directory>

   If the output contains the version string 5.2, the system is affected
   by this issue.
   For Directory Server 6.x:
   On Solaris, Linux and HP-UX systems (including 64-bit systems):
$ cd <installation directory>/ds6/bin
$ ./dsadm -V

   On Windows systems:
cd <installation directory>\ds6\bin
dsadm.exe -V

   If the output contains the version string 6.0, 6.1, 6.2, 6.3 or 6.3.1,
   the system is affected by this issue.
   For Directory Server 7.0:
   On Solaris, Linux and HP-UX systems (including 64-bit systems):
$ cd <installation directory>/bin
$ ./dsadm -V

   On Windows systems:
cd <installation directory>\bin
dsadm.exe -V

   If the output contains the version string 7.0, the system is affected
   by this issue.
   3. Symptoms
   If the described issue occurs, the Directory Server may crash,
   resulting in the service being no longer available. If the system is
   configured to dump core, the stack trace may be observed to be similar
   to the following:
parse_LDAPProxyAuth ()
core_get_proxyauth_dn ()
common_core_set_pb ()
search_core_set_pb ()
ldap_decode_search ()
ldap_parse_request ()
process_ldap_operation_using_core_api ()
ldap_frontend_main_using_core_api ()
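
The comparison against the stack trace above can be scripted. The following is an added example, not part of the Sun Alert or of any Sun tooling: it reads a backtrace saved as plain text and counts how many of the alert's frames appear in the alert's order. The function names and the sample trace are constructed here, and which tool produced the backtrace file is left open.

```shell
#!/bin/sh
# Added example (not from Sun or DFN-CERT): compare a saved backtrace with the
# frame sequence quoted in Sun Alert 275711.

# Frames exactly as listed in the alert, innermost first.
ALERT_FRAMES='parse_LDAPProxyAuth
core_get_proxyauth_dn
common_core_set_pb
search_core_set_pb
ldap_decode_search
ldap_parse_request
process_ldap_operation_using_core_api
ldap_frontend_main_using_core_api'

# count_alert_frames FILE
# Prints how many of the alert frames occur in FILE in the alert order (0..8).
# Frames are matched as whole identifiers, so frame numbers, addresses and
# library names around them are ignored.
count_alert_frames() {
    printf '%s\n' "$ALERT_FRAMES" | awk '
        BEGIN { next_i = 1 }
        NR == FNR { want[++n] = $1; next }   # stdin: the expected frames
        {
            # split the backtrace line into identifier-like tokens
            k = split($0, tok, /[^A-Za-z0-9_]+/)
            for (i = 1; i <= k && next_i <= n; i++)
                if (tok[i] == want[next_i]) next_i++
        }
        END { print next_i - 1 }
    ' - "$1"
}

# is_alert_275711_trace FILE: succeeds only if all eight frames match in order.
is_alert_275711_trace() {
    [ "$(count_alert_frames "$1")" -eq 8 ]
}

# sample_trace: constructed debugger-style backtrace for trying the functions;
# the frame numbers and 0x0 addresses are made up.
sample_trace() {
    printf '%s\n' "$ALERT_FRAMES" |
        awk '{ printf "#%d  0x0 in %s ()\n", NR - 1, $1 }'
}
```

Because the alert describes the trace as "similar to" the listed one, a count below eight is still worth a manual look at the core file.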

   4. Workaround
   There is no workaround available for this issue.
   5. Resolution
   A final resolution is pending completion.
   For more information on Security Sun Alerts, see Technical Instruction
   ID 213557.
   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
   ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
   OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
   Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.
   Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved.





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFLWVsHWmhIvjFb90URAmdCAJ9+0G6uxhYNmRr9pV4+K7ihbBEIXQCeNDex
4wlvw+mbKYFyZGQhP36yM4U=
=4vcg
-----END PGP SIGNATURE-----


