In association with heise online

26 March 2007, 15:19

DoS hole in Sun's Java System Directory Server

Security service provider iDefense has reported that a flaw in Sun's Java System Directory Server can allow attackers to cause a process to crash in a denial-of-service attack. Furthermore, iDefense says it may also be possible for attackers to inject and execute malicious code through this hole.

The security service provider says that the functions that clean up variables and pointers after unsuccessful queries contain a design flaw that can allow free() to be called on uninitialized memory. The resulting memory access error causes the ns-slapd directory service to crash, after which further queries are no longer possible. iDefense says that it may be possible to execute code injected through this hole, but the vendor states that such attacks have not been demonstrated.
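The bug class described above, shown as an added C sketch that is not Sun's code and not taken from the advisory; the struct, the function names and the sample values are hypothetical. The flawed parser can reach its cleanup routine with fields that were never assigned, while the hardened one puts them in a defined state first.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical request state; not the ns-slapd data structures. */
struct query {
    char *base;   /* search base */
    char *filter; /* search filter */
};

/* Shared cleanup. free(NULL) is a no-op, so this is only safe when every
 * field is either NULL or a live allocation. */
void query_cleanup(struct query *q) {
    free(q->base);   q->base = NULL;
    free(q->filter); q->filter = NULL;
}

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL) memcpy(p, s, n);
    return p;
}

/* Flawed: fields are never initialized, so a failure before both are
 * assigned makes query_cleanup() pass indeterminate pointers to free(). */
int parse_query_flawed(struct query *q, const char *base, const char *filter) {
    if (base == NULL || (q->base = dup_str(base)) == NULL)
        goto fail;
    if (filter == NULL || (q->filter = dup_str(filter)) == NULL)
        goto fail;
    return 0;
fail:
    query_cleanup(q); /* undefined behaviour on the failure path */
    return -1;
}

/* Hardened: put the struct in a defined state before any failure exit. */
int parse_query_hardened(struct query *q, const char *base, const char *filter) {
    q->base = NULL;
    q->filter = NULL;
    if (base == NULL || (q->base = dup_str(base)) == NULL)
        goto fail;
    if (filter == NULL || (q->filter = dup_str(filter)) == NULL)
        goto fail;
    return 0;
fail:
    query_cleanup(q);
    return -1;
}
```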

Sun ONE Directory Server 5.2 and Sun Java System Directory Server 5 2003Q4, 2004Q2, 2005Q1 and 2005Q4 are affected on all of the available platforms. Sun writes in its security advisory that it has been working on a patch for this vulnerability, which iDefense reported last August, but that the patch is not yet ready. Sun therefore recommends that until an update is released, users simply relaunch the service if it crashes.
