Sun Java System Directory Server Multiple Vulnerabilities

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.


Synopsis :

The remote LDAP server has multiple vulnerabilities.

Description :

The remote host is running the Sun Java System Directory Server, an
LDAP server from Sun Microsystems.

The remote version of this service is affected by multiple
vulnerabilities. Version 6.0 and versions prior to 5.2 Patch 5 are
affected by :

- List attributes information disclosure
- Unauthorized Access (restricted to super users).

Versions prior to 5.2 Patch 5 are affected by :

- Denial of service due to the BER decoding handler
- Memory corruption in the failed request handler.

See also :

http://download.oracle.com/sunalerts/1000664.1.html
http://download.oracle.com/sunalerts/1000951.1.html
http://www.nessus.org/u?c3b398d9
http://www.nessus.org/u?0bf5dca5

Solution :

Upgrade to Sun Java System Directory Server 5.2 Patch 5 or 6.1 or
later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 25705

Bugtraq ID: 23117, 23743, 24467, 24468

CVE ID: CVE-2006-4175, CVE-2007-2466, CVE-2007-3224, CVE-2007-3225