Secunia Security Advisory - Two vulnerabilities have been reported in Sun Java System Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
b98a57353733138e020e7bf6015f2d4304c86114404a927c3e77cbd70e57db99
----------------------------------------------------------------------
Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
Sun Java System Directory Server Two Vulnerabilities
SECUNIA ADVISORY ID:
SA39428
VERIFY ADVISORY:
http://secunia.com/advisories/39428/
DESCRIPTION:
Two vulnerabilities have been reported in Sun Java System Directory
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service) or potentially compromise a vulnerable system.
1) An error in SSL implementation when parsing regular expressions
can be exploited to potentially execute arbitrary code.
For more information see vulnerability #1 in:
SA36093
2) An error in the LDAP implementation can be exploited to cause a
DoS.
For more information:
SA35094
SOLUTION:
Apply patches.
Sun Java System Directory Server 5.2 Patch 6:
Apply patch 142806-01 or later.
Sun Java System Directory Server Enterprise Edition 6.3.1:
Apply patch 142807-01 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
OTHER REFERENCES:
SA35094:
http://secunia.com/advisories/35094/
SA36093:
http://secunia.com/advisories/36093/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------