Executive Summary

Summary
Title Sun Alert 270789 Directory Proxy Server Provided with Directory Server Enterprise Edition 6 is Subject to Denial of Service (DoS) and May Allow Unauthorized Access to Certain Data
Information
Name SUN-270789 First vendor Publication 2009-12-23
Vendor Sun Last vendor Modification 2009-12-23
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Exploit Score 8.6 Authentication None Required

Detail

Product: Sun Java System Directory Server Enterprise Edition 6.0, Sun Java System Directory Server Enterprise Edition 6.1, Sun Java System Directory Server Enterprise Edition 6.2, Sun Java System Directory Server Enterprise Edition 6.3

Multiple security vulnerabilities in the Directory Proxy Server provided with Directory Server Enterprise Edition 6.x may allow a remote unprivileged user to do the following:

- cause a client operation to run temporarily with another client's privileges under certain circumstances
- cause the server to stop responding to new client connections, using specially forged packets
- prevent the server from sending results to other 'psearch' clients using a specially designed 'psearch' client

State: Resolved
First released: 23-Dec-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_270789_directory_proxy

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-362 Race Condition
50 % CWE-16 Configuration

CPE : Common Platform Enumeration

Type Description Count
Application 5

OpenVAS Exploits

Date Description
2010-01-04 Name : Sun Java System DSEE Multiple Vulnerabilities (Win)
File : nvt/secpod_sun_java_dir_server_mult_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61417 Sun Java System Directory Proxy Server SO_KEEPALIVE Connection Slot Exhaustio...

61375 Sun Java System Directory Proxy Server psearch Client Resource Exhaustion Rem...

61374 Sun Java System Directory Proxy Server New Client Connection Crafted Packet H...

61373 Sun Java System Directory Proxy Server Client Operation Remote Privilege Esca...

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-01-07 IAVM : 2010-B-0002 - Multiple Remote Vulnerabilities in Sun Java System Directory Server
Severity : Category I - VMSKEY : V0022181

Nessus® Vulnerability Scanner

Date Description
2009-12-30 Name : The remote directory service is affected by multiple vulnerabilities.
File : sun_directory_proxy_server_multiple.nasl - Type : ACT_GATHER_INFO