=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN556
_____________________________________________________________________

DATE                      : 28/12/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Sun Java System Directory Server Enterprise.

======================================================================
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1
______________________________________________________________________


Directory Proxy Server Provided with Directory Server Enterprise Edition 6
is Subject to Denial of Service (DoS) and May Allow Unauthorized Access to
Certain Data

Category :	Security
Release Phase :	Resolved
Bug Id :	6828462, 6823593, 6782659, 6855978, 6648665
Product :	Sun Java System Directory Server Enterprise Edition 6.0
Sun Java System Directory Server Enterprise Edition 6.1
Sun Java System Directory Server Enterprise Edition 6.2
Sun Java System Directory Server Enterprise Edition 6.3
Date of Resolved Release :	23-Dec-2009

Directory Proxy Server Provided with Directory Server Enterprise Edition 6
is Subject to Denial of Service (DoS) and May Allow Unauthorized Access to
Certain Data



1. Impact

Multiple security vulnerabilities in the Directory Proxy Server provided with
Directory Server Enterprise Edition 6.x may allow a remote unprivileged user
to do the following:

- cause a client operation to run temporarily with another client's privileges
under certain circumstances
- cause the server to stop responding to new client connections, using specially
forged packets
- prevent the server from sending results to other 'psearch' clients using a
specially designed 'psearch' client"

2. Contributing Factors

These issues can occur in the following releases (for Solaris 9 and 10 on SPARC
and x86 platforms, for Linux, and Windows):

PatchZIP (Compressed Archive) and Native package versions:

    * Sun Java System Directory Server Enterprise Edition 6.0
    * Sun Java System Directory Server Enterprise Edition 6.1
    * Sun Java System Directory Server Enterprise Edition 6.2
    * Sun Java System Directory Server Enterprise Edition 6.3
    * Sun Java System Directory Server Enterprise Edition 6.3.1 without patch 141958-01

Note: Sun Java System Directory Server 5.2 is not affected by this issue.

To determine if the Directory Proxy Server part of Directory Server Enterprise Edition
running on a system is affected, the following command can be used:

$ dpadm -V

If the output contains the version string 6.0, 6.1, 6.2, 6.3 or 6.3.1, the system is
affected by this issue.

3. Symptoms

If the server is affected by these vulnerabilities, the following symptoms can be seen:

- A client operation running temporarily with another client's privileges may
fail if temporary privileges are not suitable.
- The server doesn't answer to new client connections until restarted and
messages are logged in the error log.
- The server consumes 100% of a given Core/CPU and psearch clients do not
receive updates.

4. Workaround

There is no workaround for these issues. Please see the Resolution section below.

5. Resolution

These issues are addressed in the following release (for Solaris 9 and 10 on SPARC
and x86 platforms, for Linux, and Windows):

    * Sun Java System Directory Server Enterprise Edition 6.3.1 with patch
141958-01 or later

Systems with Sun Java System Directory Server Enterprise Edition versions before
6.3.1 are recommended to upgrade to 6.3.1 and then install the resolution patch
listed above.

The upgrade procedure is described in "Sun Java System Directory Server Enterprise
Edition 6.3.1 Release Notes" in Chapter 2 at:

http://docs.sun.com/doc/820-5817/gibic

For more information on Security Sun Alerts, see Technical Instruction ID 213557.

This Sun Alert notification is being provided to you on an "AS IS" basis. This
Sun Alert notification may contain information provided by third parties. The issues
described in this Sun Alert notification may or may not impact your system(s). Sun
makes no representations, warranties, or guarantees as to the information contained
herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT,
ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN
NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL
DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential information.
It is being provided to you pursuant to the provisions of your agreement to purchase
services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use.
This Sun Alert notification may only be used for the purposes contemplated by these
agreements.

Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
CA 95054 U.S.A. All rights reserved.


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================