In association with heise online

14 June 2007, 13:44

Sun's Java Directory Server allows unauthorized data modifications

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Two vulnerabilities in Sun's Java System Directory Server may make it possible for users to gain unauthorized access to data both on local platforms and on the net. The vendor's security reports, however, do not reveal any details about these holes. What has been divulged is that the first vulnerability can expose information on the existence of normally concealed database entry attributes without authorization. Apparently, by using the second vulnerability, an unprivileged attacker could then make data modifications which normally require root privileges.

The vendor classifies the products Sun ONE Directory Server 5.1 and 5.2, Sun Java System Directory Server 5 (5.2 patch 1 to 4) and Sun Java Directory Server Enterprise Edition (DSEE) 6.0 on all supported platforms, as being affected by the vulnerabilities. Sun has included links in the security reports to updates that eliminate the faults.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit