(Sun Issues Fix for Java Directory Server) Java Enterprise System (JES) Network Security Services (NSS) Memory Leak Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1017978 |
|
SecurityTracker URL: http://securitytracker.com/id/1017978
|
|
CVE Reference:
CVE-2006-3127
(Links to External Site)
|
Updated: May 4 2007
|
Original Entry Date: Apr 30 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Java Enterprise System (JES) when Network Security Services (NSS) is installed. A remote user can cause denial of service conditions. Sun Java Directory Server is affected.
The Network Security Services (NSS) code will leak 256 bytes of memory per RSA cryptographic operation. A remote user can initiate a large number of cryptographic operations to cuase the system to run out of memory and hang or panic.
|
Impact:
A remote user can cause denial of service conditions.
|
Solution:
Sun has issued a fixed version (5.2patch5) for Sun Java Directory Server, which is affected by this vulnerability.
PatchZIP (Compressed Archive) versions:
* Solaris Sparc: 117665-04
* Solaris x86: 117666-04
* Linux: 117668-04
* Windows: 117667-04
* HP-UX: 117669-04
* AIX: 117670-04.
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102896-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102896-1 (Links to External Site)
|
Cause:
Resource error
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Sun, 29 Apr 2007 22:54:27 -0400
Subject: Directory Server May Hang Due to a Memory Leak in the Network Security Services (NSS) Software
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102896-1
CVE-2006-3127
|
|
