Vigil@nce: Sun Java Directory Proxy Server, denial of service
February 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can use a malicious LDAP query in order to stop Sun
Java Directory Proxy Server.
Gravity: 2/4
Consequences: denial of service
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 13/02/2009
IMPACTED PRODUCTS
– Sun Java System Directory Server
DESCRIPTION OF THE VULNERABILITY
The Sun Java System Directory Proxy Server component is an LDAP
gateway. It is impacted by two denials of service.
– An LDAP query containing a long attribute generates a denial of
  service in JDBC [grav:2/4; 6643181]
– An LDAP query containing a long value generates a denial of service
  in JDBC [grav:2/4; 6646107]
An attacker can therefore use a malicious LDAP query in order to
stop Sun Java Directory Proxy Server.
CHARACTERISTICS
Identifiers: 251086, 6643181, 6646107, BID-33761, CVE-2009-0609,
VIGILANCE-VUL-8471
http://vigilance.fr/vulnerability/Sun-Java-Directory-Proxy-Server-denial-of-service-8471