xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
English Version
 最近严重漏洞 
Microsoft RPC接口远程任意代码可执行漏洞
Cisco IOS接口不正确处理IPV4包远程拒绝服务漏洞
Microsoft Windows CreateFile API命名管道权限提升漏洞

Sun ONE目录服务器非授权LDAP操作拒绝服务攻击漏洞


发布时间:2003-05-25
更新时间:2003-05-25
严重程度:
威胁程度:远程拒绝服务
错误类型:设计错误
利用方式:服务器模式

BUGTRAQ ID:7478

受影响系统
Sun ONE Directory Server 5.1 SP1                    
Sun ONE Directory Server 5.1                        
   -HP HP-UX 11i                                    
   -HP HP-UX 11.0                                    
   -IBM AIX 4.3.3                                    
   -Microsoft Windows 2000 Advanced Server SP2      
   -Microsoft Windows 2000 Datacenter Server SP2    
   -Microsoft Windows 2000 Server SP2                
   -Microsoft Windows 2000 Terminal Services SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a  
   -Microsoft Windows NT Server 4.0 SP6a            
   -Microsoft Windows NT Terminal Server 4.0 SP6a    
   -RedHat Linux 7.2                                
   -Sun Linux 5.0                                    
   -Sun Linux 5.0.3                                  
   -Sun Solaris 8.0                                  
   -Sun Solaris 8.0 _x86                            
   +Sun Solaris 9.0                                  
   +Sun Solaris 9.0 _x86                            
Sun ONE Directory Server 5.0 SP2                    
Sun ONE Directory Server 5.0 SP1                    
Sun ONE Directory Server 5.0                        
   -HP HP-UX 11i                                    
   -HP HP-UX 11.0                                    
   -IBM AIX 4.3.3                                    
   -Microsoft Windows 2000 Advanced Server SP2      
   -Microsoft Windows 2000 Datacenter Server SP2    
   -Microsoft Windows 2000 Server SP2                
   -Microsoft Windows 2000 Terminal Services SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a  
   -Microsoft Windows NT Server 4.0 SP6a            
   -Microsoft Windows NT Terminal Server 4.0 SP6a    
   -RedHat Linux 7.2                                
   -Sun Linux 5.0                                    
   -Sun Linux 5.0.3                                  
   -Sun Solaris 8.0                                  
   -Sun Solaris 8.0 _x86                            
   -Sun Solaris 9.0                                  
   -Sun Solaris 9.0 _x86                            
Sun ONE Directory Server 4.16 SP1                    
Sun ONE Directory Server 4.16                        
   -HP HP-UX 11i                                    
   -HP HP-UX 11.0                                    
   -IBM AIX 4.3.3                                    
   -Microsoft Windows 2000 Advanced Server SP2      
   -Microsoft Windows 2000 Datacenter Server SP2    
   -Microsoft Windows 2000 Server SP2                
   -Microsoft Windows 2000 Terminal Services SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a  
   -Microsoft Windows NT Server 4.0 SP6a            
   -Microsoft Windows NT Terminal Server 4.0 SP6a    
   -RedHat Linux 7.2                                
   -Sun Linux 5.0                                    
   -Sun Linux 5.0.3                                  
   -Sun Solaris 8.0                                  
   -Sun Solaris 8.0 _x86                            
   -Sun Solaris 9.0                                  
   -Sun Solaris 9.0 _x86
详细描述
Sun ONE目录服务器存在拒绝服务攻击漏洞,服务器在执行某些LDAP操作的时候会导致服务器进程崩溃。

解决方案
厂商已经提供了补丁:

Sun ONE Directory Server 5.1:
      Sun Patch 113859-01
      http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113859&rev=01

相关信息
Sun Alert ID: 52102
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52102
Copyright © 1998-2003 XFOCUS Team. All Rights Reserved