----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Sun Java System Directory Server Directory Proxy Server Denial of
Service

SECUNIA ADVISORY ID:
SA33923

VERIFY ADVISORY:
http://secunia.com/advisories/33923/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
>From local network

SOFTWARE:
Sun Java System Directory Server Enterprise Edition (DSEE) 6.x
http://secunia.com/advisories/product/14528/

DESCRIPTION:
A vulnerability has been reported in Sun Java System Directory
Server, which can be exploited by malicious, local users and
malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the Sun
Java System Directory Proxy Server. This can be exploited via
specially crafted LDAP requests to cause the server to become
unresponsive to certain requests implying a JDBC backend.

The vulnerability is reported in Sun Java System Directory Server
Enterprise Edition 6.0, 6.1, 6.2, and 6.3 for Solaris 9 and 10 on
SPARC and x86 platforms, Linux, Windows, HP-UX, and AIX.

SOLUTION:
Update to Sun Java System Directory Server Enterprise Edition 6.3.1
or apply patches.

-- Native Package Versions --

Solaris 9 and 10 (SPARC):
Apply patch 125276-08 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125276-08-1

Solaris 9 (x86):
Apply patch 125277-08 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125277-08-1

Solaris 9 (x64):
Apply patch 125278-08 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125278-08-1

Linux RHEL3/RHEL4:
Apply patch 125309-08 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125309-08-1

Windows:
Apply patch 125311-08 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125311-08-1

-- PatchZIP (Compressed Archive) versions --

Solaris 9 and 10 (SPARC):
Apply patch 126748-05 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-126748-05-1

Solaris 9 (x86):
Apply patch 126749-05 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-126749-05-1

Solaris 10 (x64):
Apply patch 126750-05 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-126750-05-1

Linux RHEL3/RHEL4:
Apply patch 126751-05 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-126751-05-1

Windows 2000/2003:
Apply patch 126753-05 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-126753-05-1

HP-UX 11i PA RISC:
Apply patch 126752-05 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-126752-05-1

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-251086-1

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------