Sun Java System Directory Server Multiple Vulnerabilities

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote LDAP server has multiple vulnerabilities.

Description :

The remote host is running the Sun Java System Directory Server, an
LDAP server from Sun Microsystems.

The remote version of this service is affected by multiple
vulnerabilities. Version 6.0 and versions prior to 5.2 Patch 5 are
affected by:

- List attributes information disclosure
- Unauthorized access (restricted to super users)

Versions prior to 5.2 Patch 5 are affected by:

- Denial of service due to the BER decoding handler
- Memory corruption in the failed request handler

See also :

http://download.oracle.com/sunalerts/1000664.1.html
http://download.oracle.com/sunalerts/1000951.1.html
http://www.nessus.org/u?c3b398d9
http://www.nessus.org/u?0bf5dca5

Solution :

Upgrade to Sun Java System Directory Server 5.2 Patch 5 or 6.1 or
later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 25705

Bugtraq ID: 23117, 23743, 24467, 24468

CVE ID: CVE-2006-4175, CVE-2007-2466, CVE-2007-3224, CVE-2007-3225
