Title: Security Vulnerability in Sun Java System Directory Proxy Server May Grant Unauthorized Administrative Access
Copyright Notice: Copyright © 2008 Sun Microsystems, Inc. All Rights Reserved
Update Date: Fri Apr 25 00:00:00 MDT 2008
Solution Type: Sun Alert
Solution 235381 : Security Vulnerability in Sun Java System Directory Proxy Server May Grant Unauthorized Administrative Access
Sun Java System Directory Server 6.0, 6.1, 6.2, Enterprise Edition
Date of Resolved Release: 25-Apr-2008
SA Document Body
Security Vulnerability in Sun Java System Directory Proxy Server May Grant Unauthorized Administrative Access
1. Impact
A security vulnerability in the Sun Java System Directory Proxy Server may allow a remote unprivileged user to gain unauthorized administrative access to the server. This is caused by the server incorrectly classifying a connection based on the "bind-dn" criteria, resulting in an incorrect policy being applied.
2. Contributing Factors
This issue can occur in the following releases for all platforms (Solaris 8, 9, and 10 SPARC and x86 Platforms, Linux, Windows, and HP-UX):
- Directory Server Enterprise Edition 6.0, 6.1 and 6.2
To determine if the Directory Server running on a system is affected, the following command can be used:
$ dpadm -V
If the output contains the version string 6.0, 6.1 or 6.2, the system is affected by this issue.
3. Symptoms
There are no predictable symptoms that would indicate this issue has been exploited.
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases:
Native Package Versions:
- Solaris 9 and 10 SPARC patch 125276-07 or later
- Solaris 9 x86 patch 125277-07 or later
- Solaris 10 x86 and x64 patch 125278-07 or later
- Linux patch 125309-07 or later
- Solaris 9 and 10 SPARC patch 126748-04 or later
- Solaris 9 x86 patch 126749-04 or later
- Solaris 10 x86 and x64 patch 126750-04 or later
- Linux patch 126751-04 or later
- Windows patch 126753-04 or later
- HP-UX patch 126752-04 or later
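The version check in section 2 and the patch revisions in section 5 can be scripted for triage across many hosts. The following is an added example, not code from Sun or from the original alert; the function names are hypothetical, the patch ids passed in are assumed to come from the host's own patch inventory, and the sample ids in the final loop are constructed.

```shell
#!/bin/sh
# Added example (not Sun's code): triage helpers for Sun Alert 235381.

# Minimum fixed revision per patch, copied from the Resolution section.
FIXED_PATCHES="125276-07 125277-07 125278-07 125309-07 126748-04
126749-04 126750-04 126751-04 126753-04 126752-04"

# version_affected TEXT
# Succeeds when TEXT holds 6.0, 6.1 or 6.2 as a version token, so that
# 6.3, 16.0 and 6.20 are not mistaken for affected releases.
# Typical call: version_affected "$(dpadm -V 2>&1)"
version_affected() {
    printf '%s\n' "$1" | grep -Eq '(^|[^0-9.])6\.[0-2]([^0-9]|$)'
}

# to_int DIGITS: drop leading zeros so "07" compares as 7 in any POSIX sh.
to_int() {
    n=$1
    while [ "${#n}" -gt 1 ] && [ "${n#0}" != "$n" ]; do n=${n#0}; done
    printf '%s\n' "$n"
}

# patch_status ID, where ID has the form <base>-<revision>. Prints:
#   fixed (listed patch at or above the fixed revision), below-fix (listed
#   patch, older revision), unlisted (base not in the alert) or invalid.
patch_status() {
    case $1 in
        *[!0-9-]*|*-*-*|-*|*-|'') echo invalid; return 0 ;;
        *-*) ;;
        *) echo invalid; return 0 ;;
    esac
    base=${1%-*}
    rev=$(to_int "${1#*-}")
    for fixed in $FIXED_PATCHES; do
        if [ "$base" = "${fixed%-*}" ]; then
            [ "$rev" -ge "$(to_int "${fixed#*-}")" ] && echo fixed || echo below-fix
            return 0
        fi
    done
    echo unlisted
}

# Constructed sample input; real ids come from the host's patch inventory.
for id in 125276-05 126753-04 999999-01; do
    printf '%s: %s\n' "$id" "$(patch_status "$id")"
done
```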
For more information on the upgrade process please see the following:
Directory Server 6.3 Release Notes are available at:
and the Directory Server 6.3 Installation Guide is available at:
For more information on Security Sun Alerts, see Technical Instruction ID 213557.