The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Sun Java System Directory Server: denial of service of LDAP

Synthesis of the vulnerability 

An attacker can send a malicious LDAP query in order to stop the service.
Vulnerable systems: Oracle Directory Server.
Severity of this threat: 2/4.
Creation date: 02/05/2007.
References of this weakness: 102895, 6421049, BID-23743, VIGILANCE-VUL-6776.

Description of the vulnerability 

The LDAP protocol uses ASN.1 and the BER (Basic Encoding Rules) encoding.

The Sun Java System Directory Server directory uses the "LDAP Software Development Kit (SDK) for C" library.

When the directory receives a malicious LDAP query, the BER decoding performed by this library makes an error when computing a memory size.

This vulnerability leads to a denial of service, and may lead to code execution.
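
The bulletin does not publish the faulty computation, so the following is an added illustration of the class of check involved, not code from the LDAP SDK for C: a BER header parser that validates the declared length against the bytes actually received before that length is used for allocation or copying. The function name, return codes and 1 MiB cap are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { BER_OK = 0, BER_TRUNCATED = -1, BER_UNSUPPORTED = -2, BER_TOO_LARGE = -3 };
#define MAX_ELEMENT_LEN (1u << 20) /* assumed policy cap: 1 MiB per element */

/* Parse one BER tag+length header in buf[0..avail). Names are hypothetical. */
int ber_read_header(const uint8_t *buf, size_t avail,
                    size_t *hdr_len, size_t *content_len)
{
    size_t len = 0, used = 2;

    if (avail < 2)
        return BER_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f)
        return BER_UNSUPPORTED;        /* multi-byte tag: rejected in this sketch */
    if (buf[1] & 0x80) {               /* long form: low 7 bits count length octets */
        size_t n = buf[1] & 0x7f;
        if (n == 0)
            return BER_UNSUPPORTED;    /* indefinite length: LDAP uses definite only */
        if (n > 4)
            return BER_TOO_LARGE;      /* bound the accumulator before shifting */
        if (avail - 2 < n)
            return BER_TRUNCATED;      /* length octets themselves are missing */
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        used += n;
    } else {
        len = buf[1];                  /* short form: 0..127 */
    }
    if (len > MAX_ELEMENT_LEN)
        return BER_TOO_LARGE;
    if (len > avail - used)            /* subtract, never add: no wraparound */
        return BER_TRUNCATED;
    *hdr_len = used;
    *content_len = len;
    return BER_OK;
}

int main(void)
{
    /* Constructed sample: OCTET STRING declaring 256 bytes, only 1 present. */
    const uint8_t msg[] = {0x04, 0x82, 0x01, 0x00, 'a'};
    size_t h = 0, c = 0;
    printf("result = %d\n", ber_read_header(msg, sizeof msg, &h, &c));
    return 0;
}
```
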

This vulnerability alert impacts software or systems such as Oracle Directory Server.

Our Vigil@nce team determined that the severity of this computer weakness alert is medium.

The trust level is "confirmed by the editor", with an origin of "intranet client".

An attacker with expert ability can exploit this computer vulnerability.

Solutions for this threat 

Sun Java System Directory Server 5.2: patch 5.
Version 5.2 Patch5 is available.
