CVE-2010-0313

Name of the Vulnerable Software and Affected Versions Sun Java System Directory Server Enterprise Edition version 7.0

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted LDAP Search Request message. This is due to a NULL pointer dereference in the core get proxyauth dn function in ns-slapd.

Recommendations For Sun Java System Directory Server Enterprise Edition version 7.0, consider restricting access to the LDAP Search Request functionality until a fix is available. As a temporary workaround, limiting the exposure of the ns-slapd service to trusted sources may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.