=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN211
_____________________________________________________________________

DATE                      : 28/04/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Sun Java System Directory
                                                            Server 5.2.

======================================================================

Sun(sm) Alert Notification

    This is a preliminary Sun Alert notification. Sun provides these
    notices in an effort to allow customers to implement mitigation
    strategies while these issues are being investigated. The information
    contained in these documents is likely to change as more is learned
    about the applicable issues. At the time of publication, workarounds
    and/or final resolutions are not available for the issues. Preliminary
    Sun Alert notifications will be updated as more information becomes
    available.
      * Sun Alert ID: 102294
      * Synopsis: Sun Java System Directory Server: Denial of Service May
        Occur Due to Large Memory Allocation for Specific LDAP Requests
      * Category: Security
      * Product: Sun Java System Directory Server 5.2
      * BugIDs: 6384310
      * Avoidance: None
      * State: Preliminary
      * Date Released: 26-Apr-2006
      * Date Closed:
      * Date Modified:

1. Impact

    A local or remote unprivileged user may be able to prevent an LDAP
    server from responding to LDAP client requests. This is a Denial of
    Service (DoS) as LDAP clients referencing the LDAP server may
    experience hangs or slow performance. Users may no longer be able to
    login on affected LDAP client systems.

    This issue is also described in CVE-2006-0647 at
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0647

2. Contributing Factors

    This issue can occur in the following releases for all platforms
    (Solaris 8, 9, and 10 on Solaris SPARC and Solaris x86 Platforms,
    Linux, Windows, HP-UX, and AIX):

    Native Package Versions:
      * Sun ONE Directory Server 5.2
      * Sun Java System Directory Server 5 2003Q4 (5.2patch1)
      * Sun Java System Directory Server 5 2004Q2 (5.2patch2)
      * Sun Java System Directory Server 5 2005Q1 (5.2patch3)
      * Sun Java System Directory Server 5 2005Q4 (5.2patch4)

    PatchZIP (Compressed Archive) versions:
      * Sun One Directory Server 5.2
      * Sun Java System Directory Server 5.2 Patch2
      * Sun Java System Directory Server 5.2 Patch3
      * Sun Java System Directory Server 5.2 Patch4

    Note: Sun ONE Directory Server 5.1 and earlier versions are not
    affected by this issue.

    To determine the version of Directory Server running on a system, the
    following command can be used:
     $ cd <installation directory>/bin/slapd/server[/64]
     $ ./ns-slapd -V -D <instance-directory>

3. Symptoms

    Should the described issue occur, the LDAP server will no longer
    respond to client LDAP requests. The LDAP server process, ns-slapd,
    may not be running on the LDAP server. If the LDAP server process is
    no longer running, there may a message similar to the following about
    failing to calloc a random number of bytes in the error log:
     ERROR<5135> - Resource Limit - conn=-1 op=-1 msgId=-1 -
     Memory allocation error calloc of 8248 bytes failed; errno 11

4. Relief/Workaround

    There is no Workaround for this issue. To recover from an unresponsive
    LDAP server instance, the following command can be used to restart the
    LDAP server process:

    On UNIX systems (usually as root user):
     # <server instance path>/start-slapd

    On Windows systems, open the "Services" panel and start the service
    manually.

5. Resolution

    A final resolution is pending completion.

    This Sun Alert notification is being provided to you on an "AS IS"
    basis. This Sun Alert notification may contain information provided by
    third parties. The issues described in this Sun Alert notification may
    or may not impact your system(s). Sun makes no representations,
    warranties, or guarantees as to the information contained herein. ANY
    AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
    WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
    NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
    YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
    INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
    OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
    This Sun Alert notification contains Sun proprietary and confidential
    information. It is being provided to you pursuant to the provisions of
    your agreement to purchase services from Sun, or, if you do not have
    such an agreement, the Sun.com Terms of Use. This Sun Alert
    notification may only be used for the purposes contemplated by these
    agreements.

    Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa
    Clara, CA 95054 U.S.A. All rights reserved

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================