| VID |
12081 |
| Severity |
30 |
| Port |
2571 |
| Protocol |
TCP |
| Class |
LDAP |
| Detailed Description |
The Sun ONE Directory server is vulnerable to a denial of service vulnerability which exists in versions 5.x. Sun ONE Directory Server (formerly iPlanet Directory Server) versions 5.x is vulnerable to a denial of service attack, caused by a memory allocation error in the LDAP (Lightweight Directory Access Protocol) service. By sending a specially-crafted subtree search request with a long string to TCP port 2571, a remote attacker could crash an affected LDAP service.
* References:
http://archives.neohapsis.com/archives/dailydave/2006-q1/0129.html
http://secunia.com/advisories/18769/
http://www.frsirt.com/english/advisories/2006/0492
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002916.html
* Platforms Affected:
Sun Java System Directory Server 5.x
Sun ONE Directory Server 5.x
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of February 2006.
Upgrade to the latest version of Sun ONE Directory Server (greater than 5.2), when new version fixed this problem becomes available from the Sun Microsystems Web site at http://wwws.sun.com/software/products/directory_srvr/home_directory.html |
| Related URL |
CVE-2006-0647 (CVE) |
| Related URL |
16550 (SecurityFocus) |
| Related URL |
(ISS) |
|
