PT-2007-1167 · Sun · Sun One Directory Server+1
Published
2007-03-26
·
Updated
2024-02-09
·
CVE-2006-4175
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Sun Java System Directory Server versions 5.2 Patch4 and earlier
ONE Directory Server versions 5.1 and 5.2
Description:
The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending malformed queries to the LDAP server. The queries are likely malformed BER queries, which trigger the freeing of uninitialized memory locations.
Recommendations:
For Sun Java System Directory Server versions 5.2 Patch4 and earlier, update to a version later than Patch4 to resolve the issue.
For ONE Directory Server versions 5.1 and 5.2, consider restricting access to the LDAP server until a patch is available.
Fix
Access of Uninitialized Pointer
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sun One Directory Server
Sun Java System Directory Server