DoS hole in Sun's Java System Directory Server
Security service provider iDefense has reported that a flaw in Sun's Java System Directory Server can allow attackers to cause a process to crash in a denial-of-service attack. Furthermore, iDefense says it may also be possible for attackers to inject and execute malicious code through this hole.
The security service provider says that the functions that clean up variables and pointers after unsuccessful queries contain a design flaw that can allow free() to be called on uninitialized memory. The memory access error that then occurs causes the ns-slapd directory service to crash; further queries are then no longer possible. While iDefense says that it may be possible to execute code injected through this hole, the vendor also states that such attacks have not been demonstrated.
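The class of bug described above, shown as an added C example that is not code from Sun, iDefense or ns-slapd: a cleanup routine shared by the success and failure paths, a flawed caller that can reach it with members never assigned, and a hardened caller that initializes the struct first. The struct, its fields and all function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-query state; the names are illustrative, not ns-slapd's. */
struct query { char *base_dn; char *filter; char *attrs; };

/* Copy one request field; an empty or missing field makes the query fail. */
static char *dup_field(const char *s) {
    if (s == NULL || *s == '\0') return NULL;
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL) memcpy(p, s, n);
    return p;
}

/* Shared cleanup: correct only if every member is NULL or a live allocation.
 * Returns how many members were released and leaves all of them NULL. */
int query_cleanup(struct query *q) {
    char **f[] = { &q->base_dn, &q->filter, &q->attrs };
    int freed = 0;
    for (size_t i = 0; i < sizeof f / sizeof f[0]; i++) {
        if (*f[i] != NULL) { free(*f[i]); *f[i] = NULL; freed++; }
    }
    return freed;
}

/* Fill members in order; stops at the first rejected field and leaves the
 * members after it untouched. */
static int fill(struct query *q, const char *dn, const char *flt, const char *at) {
    if ((q->base_dn = dup_field(dn)) == NULL) return -1;
    if ((q->filter = dup_field(flt)) == NULL) return -1;
    if ((q->attrs = dup_field(at)) == NULL) return -1;
    return 0;
}

/* Flawed pattern, for contrast only (never called here): after an early
 * failure, untouched members hold stale bytes that cleanup hands to free(). */
int parse_query_unsafe(struct query *q, const char *dn, const char *flt, const char *at) {
    if (fill(q, dn, flt, at) == 0) return 0;
    query_cleanup(q);
    return -1;
}

/* Hardened form: give every member a known value before any step can fail. */
int parse_query(struct query *q, const char *dn, const char *flt, const char *at) {
    *q = (struct query){ 0 };
    if (fill(q, dn, flt, at) == 0) return 0;
    query_cleanup(q);
    return -1;
}
```

Calling `parse_query` on a struct that still holds stale bytes, with an empty filter, returns -1 and leaves every member NULL. The unsafe variant on the same input would pass the stale `attrs` value to `free()`.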
Sun ONE Directory Server 5.2 and Sun Java System Directory Server 5 2003Q4, 2004Q2, 2005Q1 and 2005Q4 are affected on all of the available platforms. Sun writes in its security advisory that it has been working on a patch for this vulnerability, which iDefense reported last August, but that the patch is not yet ready. Sun therefore recommends that until an update is released, users simply relaunch the service if it crashes.
- Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability, iDefense's security advisory
- The Directory Server ("ns-slapd") May Exit Unexpectedly When Handling Certain Queries, Sun's security advisory
(ehe)