Sun Java System Directory Server Authentication Bypass Vulnerability
BID:18018
CVE-2006-2513
| Bugtraq ID: | 18018 |
| Class: | Unknown |
| CVE: | CVE-2006-2513 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 17 2006 12:00AM |
| Updated: | Jan 11 2012 05:00PM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: | Sun Java System Directory Server 5.2 Patch4; Sun Java System Directory Server 5.2 Patch3; Sun Java System Directory Server 5.2 Patch2; Sun Java System Directory Server 5.2 2005Q4; Sun Java System Directory Server 5.2 2005Q1; Sun Java System Directory Server 5.2 2004Q2; Sun Java System Directory Server 5.2 2003Q4; Sun Java System Directory Server 5.2; Blue Coat Systems Policy Center 8.7; Blue Coat Systems Policy Center 8.6; Blue Coat Systems Policy Center 0 |
| Not Vulnerable: | Blue Coat Systems Policy Center 8.7.2 |
Discussion
Sun Java System Directory Server is susceptible to an authentication-bypass vulnerability. This issue is due to an unspecified flaw in the application's installation process.
This issue allows local and remote attackers to gain administrative access to the affected service by logging into the Directory Server console. This may aid them in further attacks. Once attackers have administrative access to the directory server, they may alter data stored there; this data is used by other network services that depend on the directory server for authentication.
Sun Java System Directory Server version 5.2 and version 5.2 patchsets 2, 3, and 4 are vulnerable. Installations where patchset 4 was not installed as an incremental package are not affected. Once this issue has been triggered, installing fixed packages afterwards will not resolve it.
Exploit / POC
To exploit this issue, attackers use the directory server console.
Solution / Fix
Solution:
The vendor has released Sun Alert ID 102345, along with manual workaround information to address this issue. Please see the referenced advisory for more information.