Sun Java System Directory Server Attributes List Information Disclosure Vulnerability

TITLE: Sun Java System Directory Server Attributes List Information Disclosure Vulnerability
CLASS: Design Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 13 2007 12:00AM
UPDATE: Jun 14 2007 06:49PM
CREDIT: The vendor reported this issue.
VULNERABLE:

Sun ONE Directory Server 5.2 patch 4
Sun ONE Directory Server 5.2 patch 3
Sun ONE Directory Server 5.2
Sun ONE Directory Server 5.1
-HP HP-UX 11.0
-HP HP-UX 11i v1
-IBM AIX 4.3.3
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6a
-RedHat Linux 7.2
-Sun Linux 5.0.3
-Sun Linux 5.0
+ Sun Solaris 9_x86
+ Sun Solaris 9
-Sun Solaris 8_x86
-Sun Solaris 8
Sun Java System Directory Server 5.2 Patch2
Sun Java System Directory Server 5.2 2005Q4
Sun Java System Directory Server 5.2 2005Q1
Sun Java System Directory Server 5.2 2004Q2
Sun Java System Directory Server 5.2 2003Q4
Sun Java Directory Server Enterprise Edition 6.0
NOT VULNERABLE:

Vai alla pagina originale su Security Focus

Discussion

Sun Java System Directory Server is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to other attacks.

This issue affects these versions:

Sun ONE Directory Server 5.2
Sun Java System Directory Server 5
Sun Java Directory Server Enterprise Edition (DSEE) 6.0.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

Solution

Solution:
The vendor has released an advisory and fixes to address this issue. Please see the referenced advisory for more information.

References

References:

PhpLog

BNLug Benevento Linux Users Group