|Check Point Reference:||CPAI-2006-323|
|Date Published:||31 Dec 2006|
|Last Updated:||31 Dec 2010|
|Protection Provided by:|
|Who is Vulnerable?|| Sun Microsystems Java System Directory Server 5.2 SP4 and earlier |
Sun Microsystems Solaris 9
|Vulnerability Description||There exists a vulnerability in the Sun Directory Server. The flaw is caused due to improper handling of certain overly large LDAP messages. An unauthenticated remote attacker may exploit this vulnerability by sending a crafted LDAP message to the target host which may terminate the affected LDAP server on the target system.
The target server process will terminate as a result of an attack. Consequently, all established connections will be disconnected and further connections will not be possible until the server is manually restarted.
|Vulnerability Details||Sun Directory Server is a distributed directory server based on the Lightweight Directory Access Protocol (LDAP). The server listens for LDAP requests on a port specified during installation. The default port assigned to the server during installation is randomly selected.|