
CERT-In Vulnerability Note CIVN-2008-174
Vulnerability in the Search Feature of the Sun Java System LDAP JDK

Original Issue Date: November 03, 2008

Severity Rating: Low

Systems Affected

  • Sun Java System Access-Manager 6.x
  • Sun Java System Access-Manager 7.x
  • Sun Java System LDAP Development Kit 4.x

Overview

A vulnerability has been reported in the search feature of the Sun Java System LDAP JDK. This vulnerability may allow local unprivileged users to read information from applications that use the LDAP JDK library.

Description

The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running over TCP/IP. A Java Development Kit (JDK) is typically a set of development tools that allows a software engineer to create applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar platform.

A vulnerability has been reported in the Sun Java System LDAP JDK. The issue is caused by an unspecified error in the search feature, which could allow local unprivileged users to read information they are not authorized to access from applications that use the LDAP JDK library.

Solutions

Apply the appropriate patches as suggested by the vendor:

  • Patch 119725-05 or later for SPARC and x86 platforms
  • Patch 120834-03 or later for the Linux platform
  • Patch 138905-01 or later for HP-UX and Windows platforms

Vendor Information

SUN
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-242246-1

References

SUN
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-242246-1

AusCERT
http://www.auscert.org.au/render.html?cid=1980

Secunia
http://secunia.com/Advisories/32327/

SecurityFocus
http://www.securityfocus.com/bid/31905

FrSIRT
http://www.frsirt.com/english/advisories/2008/2916

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003