Vulnerabilities > CVE-2006-4175 - Access of Uninitialized Pointer vulnerability in SUN Java System Directory Server and ONE Directory Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gain a shell remotely |
NASL id | SUN_DIRECTORY_SERVER_MULTIPLE.NASL |
description | The remote host is running the Sun Java System Directory Server, an LDAP server from Sun Microsystems. The remote version of this service is affected by multiple vulnerabilities. Versions 6.0 and prior to 5.2 Patch 5 are affected by : - list attributes information disclosure - Unauthorized Access (restricted to super users). Versions prior to 5.2 Patch 5 are affected by : - Denial of service due to the BER decoding handler - Memory corruption in the failed request handler. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25705 |
published | 2007-07-12 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25705 |
title | Sun Java System Directory Server Multiple Vulnerabilities |
code |
|
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=491
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102853-1
- http://www.securityfocus.com/bid/23117
- http://www.securitytracker.com/id?1017814
- http://secunia.com/advisories/24634
- http://www.osvdb.org/33524
- http://www.vupen.com/english/advisories/2007/1090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33189