Vigil@nce: Sun Directory Proxy Server, three vulnerabilities
January 2010 by Vigil@nce
Three vulnerabilities in Sun Java System Directory Proxy Server
can be used by an attacker to access user data or to
create a denial of service.
– Severity: 2/4
– Consequences: user access/rights, data reading, denial of service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 3
– Creation date: 29/12/2009
IMPACTED PRODUCTS
– Sun Java System Directory Server
DESCRIPTION OF THE VULNERABILITY
The Sun Java System Directory Proxy Server product is provided
with Sun Java System Directory Server Enterprise. It is impacted
by three vulnerabilities.
In some cases, queries are handled with the privileges of another
user. [grav:2/4; 6823593, 6828462, CVE-2009-4440]
An attacker can use special packets to deny access to
other clients. [grav:1/4; 6648665, 6782659, CVE-2009-4441,
CVE-2009-4442]
An attacker can prevent a user from obtaining his psearch results.
[grav:1/4; 6855978, CVE-2009-4443]
CHARACTERISTICS
– Identifiers: 270789, 6648665, 6782659, 6823593, 6828462, 6855978,
BID-37481, CVE-2009-4440, CVE-2009-4441, CVE-2009-4442,
CVE-2009-4443, VIGILANCE-VUL-9313
– Url: http://vigilance.fr/vulnerability/Sun-Directory-Proxy-Server-three-vulnerabilities-9313