CERTA-2005-AVI-145
Vulnerability from certfr_avis - Published: 2005-04-15 - Updated: 2005-04-15
Deux vulnérabilités affectant des produits de Sun permettent à un utilisateur mal intentionné, local ou distant d'exécuter du code arbitraire ou effectuer un déni de service.
Description
- Une vulnérabilité présente dans le serveur LDAP (LDAP est un protocole d'annuaire standard) permet à un utilisateur mal intentionné, local ou distant d'exécuter du code arbitraire ou de forcer l'arret du processus LDAP ;
- une seconde vulnérabilité découverte dans certaines publications de Sun Java System Web Server permet à un individu mal intentionné d'effectuer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun Java System Web Server.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun ONE Directory Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Sun Java System Directory Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\n- Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le serveur LDAP (LDAP est un\n protocole d\u0027annuaire standard) permet \u00e0 un utilisateur mal\n intentionn\u00e9, local ou distant d\u0027ex\u00e9cuter du code arbitraire ou de\n forcer l\u0027arret du processus LDAP ;\n- une seconde vuln\u00e9rabilit\u00e9 d\u00e9couverte dans certaines publications de\n Sun Java System Web Server permet \u00e0 un individu mal intentionn\u00e9\n d\u0027effectuer un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2005-04-15T00:00:00",
"last_revision_date": "2005-04-15T00:00:00",
"links": [],
"reference": "CERTA-2005-AVI-145",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s affectant des produits de Sun permettent \u00e0 un\nutilisateur mal intentionn\u00e9, local ou distant d\u0027ex\u00e9cuter du code\narbitraire ou effectuer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s de la machine virtuelle Java de SUN",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sun #57754 du 13 avril 2005",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57754-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sun #57760 du 13 avril 2005",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57760-1"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…