Sun Java System Directory Server BER Decoding Denial Of Service Vulnerability

Bugtraq ID:	23743
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-2466
Remote:	Yes
Local:	No
Published:	May 01 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Sun ONE Directory Server 5.1 - HP HP-UX 11.0 - HP HP-UX 11i v1 - IBM AIX 4.3.3 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - RedHat Linux 7.2 - Sun Linux 5.0.3 - Sun Linux 5.0 + Sun Solaris 9_x86 + Sun Solaris 9 - Sun Solaris 8_x86 - Sun Solaris 8_sparc Sun Java System Directory Server 5.2 Patch4 Sun Java System Directory Server 5.2 Patch3 Sun Java System Directory Server 5.2 Patch2 Sun Java System Directory Server 5.2 2005Q4 Sun Java System Directory Server 5.2 2005Q1 Sun Java System Directory Server 5.2 2004Q2 Sun Java System Directory Server 5.2 2003Q4 Sun Java System Directory Server 5.2 Blue Coat Systems Policy Center 8.7 Blue Coat Systems Policy Center 8.6 Blue Coat Systems Policy Center 0
Not Vulnerable:	Blue Coat Systems Policy Center 8.7.2

Sun Java System Directory Server BER Decoding Denial Of Service Vulnerability

Sun Java System Directory Server is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

Sun Java System Directory Server BER Decoding Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sun Java System Directory Server BER Decoding Denial Of Service Vulnerability

Solution:
The vendor has released fixes to address this issue. Please see the references for more information.


Sun Java System Directory Server 5.2 2003Q4

• Sun 115610-24
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115610-24-1


• Sun 115611-24
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115611-24-1


• Sun 115614-27
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115614-27-1


• Sun 115615-27
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115615-27-1


• Sun 116837-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116837-03-1


• Sun 116838-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116838-03-1


• Sun 118080-12
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118080-12-1


• Sun 118353-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118353-03-1

Sun Java System Directory Server 5.2 2004Q2

• Sun 115610-24
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115610-24-1


• Sun 115611-24
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115611-24-1


• Sun 115614-27
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115614-27-1


• Sun 115615-27
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115615-27-1


• Sun 116837-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116837-03-1


• Sun 116838-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116838-03-1


• Sun 118080-12
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118080-12-1


• Sun 118353-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118353-03-1

Sun Java System Directory Server 5.2 2005Q1

• Sun 115610-24
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115610-24-1


• Sun 115611-24
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115611-24-1


• Sun 115614-27
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115614-27-1


• Sun 115615-27
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115615-27-1


• Sun 116837-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116837-03-1


• Sun 116838-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116838-03-1


• Sun 118080-12
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118080-12-1


• Sun 118353-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118353-03-1

Sun Java System Directory Server 5.2 Patch3

• Sun 117667-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117667-04-1


• Sun 117668-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117668-04-1


• Sun 117669-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117669-04-1


• Sun 117670-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117670-04-1

Sun Java System Directory Server 5.2 Patch4

• Sun 117667-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117667-04-1


• Sun 117668-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117668-04-1


• Sun 117669-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117669-04-1


• Sun 117670-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117670-04-1

Sun Java System Directory Server 5.2 Patch2

• Sun 117667-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117667-04-1


• Sun 117668-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117668-04-1


• Sun 117669-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117669-04-1


• Sun 117670-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117670-04-1

Sun Java System Directory Server 5.2

• Sun 117667-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117667-04-1


• Sun 117668-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117668-04-1


• Sun 117669-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117669-04-1


• Sun 117670-04
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117670-04-1

Sun Java System Directory Server 5.2 2005Q4

• Sun 115610-24
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115610-24-1


• Sun 115611-24
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115611-24-1


• Sun 115614-27
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115614-27-1


• Sun 115615-27
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -115615-27-1


• Sun 116837-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116837-03-1


• Sun 116838-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116838-03-1


• Sun 118080-12
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118080-12-1


• Sun 118353-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118353-03-1

Sun Java System Directory Server BER Decoding Denial Of Service Vulnerability

References:

• Sun Java System Directory Server Homepage (Sun)
  
• 102895 - Security Vulnerability in Sun Java System Directory Server May Cause De (Sun)
  
• January 10, 2012 - Multiple Sun ONE Directory Server vulnerabilities in PolicyCe (Blue Coat Systems)