Signature Detail

Short Name	LDAP:SUN-REQ-FS
Severity	High
Recommended	No
Recommended Action	Drop
Category	LDAP
Keywords	Sun LDAP Format String in Request
Release Date	2006/05/03
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

LDAP: Sun LDAP Format String in Request

This signature detects malicious format strings in requested LDAP names. Multiple servers are affected by this vulnerability, including Sun LDAP. A successful exploit can cause a denial-of-service condition or, in some cases, arbitrary remote code execution.

Extended Description

Sun ONE Directory Server is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to handle malformed network traffic. This issue allows remote attackers to crash the application, denying service to legitimate users.

Affected Products

Sun Java System Directory Server 5.2
Sun Java System Directory Server 5.2 2003Q4
Sun Java System Directory Server 5.2 2004Q2
Sun Java System Directory Server 5.2 2005Q1
Sun Java System Directory Server 5.2 2005Q4
Sun Java System Directory Server 5.2 Patch2
Sun ONE Directory Server 5.2.0
Sun ONE Directory Server 5.2.0 Patch 3
Sun ONE Directory Server 5.2.0 Patch 4

References

BugTraq: 16550
CVE: CVE-2006-0647
URL: http://www.frsirt.com/english/advisories/2006/0492
URL: http://lists.immunitysec.com/pipermail/dailydave/2006-February/002916.html

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

LDAP: Sun LDAP Format String in Request

Extended Description

Affected Products

References