=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2009/VULN139
_____________________________________________________________________

DATE                      : 08/04/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Sun Java System Calendar
                                           Server.

======================================================================
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-255008-1
______________________________________________________________________

Solution Type: Sun Alert
Solution  255008 :   Security Vulnerability in Sun Java System Calendar
                      Server 6.3 May Allow Denial of Service (DoS)
Bug ID: 6728790

Product
Sun Java System Calendar Server 6.3

Date of Resolved Release: 01-Apr-2009

SA Document Body
Security Vulnerability in Sun Java System Calendar Server 6.3 May Allow
Denial of Service (DoS):

1. Impact

A security vulnerability in Sun Java System Calendar Server 6.3 may
allow a remote unprivileged user to crash the Calendar Server. This
is a type of Denial of Service (DoS).

2. Contributing Factors

This issue can occur in the following releases:
    SPARC Platform
      * Sun Java System Calendar Server 6.3 without patch 121657-30

    x86 Platform
      * Sun Java System Calendar Server 6.3 without patch 121658-30

    Linux
      * Sun Java System Calendar Server 6.3 without patch 121659-30

Note: Sun Java System Calender Server versions prior to 6.3 are not
       impacted by this issue.
       To determine the version of Sun Java System Calendar Server on a
       system, the following command can be run:
         $ csversion
       Sun Java(tm) System Calendar Server 6.3-7.01 (built Feb 20 2008)
       SunOS "testhost" 5.10 Generic_118833-36 sun4u sparc SUNW,A70

3. Symptoms

If  this issue is exploited to cause a Denial of Service (DoS), the
Calendar Server will no longer be running on the system. This can be
determined using a command such as the following, which will produce
no output if the process has crashed:
     $ pgrep cshttpd

Depending on the system configuration, the Calendar Server process may
leave a crash dump with a stack trace similar to the following:

     -----------------  lwp# 4 / thread# 4  --------------------
     ff05ff40 shtml_finishlogin (...) + 160
     0001dff4 cmd_login (...) + 364
     00017f78 cshttpd_post_cb (...) + 470
     fed8ff88 cmd_post (...) + 1b8
     fed8f2a8 cmd_exec (...) + da8
     fed8d8cc cmdloop  (...) + 3bc
     fed8c4f0 sock_readable (...) + 2f0
     feb45564 GDispCx_Dispatch (...) + 174
     feb45b78 GDispCx_InternalWork (...) + 3e0
     fe7c04f4 _lwp_start (...)

4. Workaround

There is no workaround for this issue.  Please see the Resolution
section below.

5. Resolution

This issue is addressed in the following releases:
    SPARC Platform
      * Sun Java System Calendar Server 6.3 with patch 121657-30 or later

    x86 Platform
      * Sun Java System Calendar Server 6.3 with patch 121658-30 or later

    Linux
      * Sun Java System Calendar Server 6.3 with patch 121659-30 or later

For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved


======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================