Lucene search
AnonymousZDI-10-074HistoryApr 13, 2010 - 12:00 a.m.
Sun Microsystems Directory Server Enterprise ASN.1 Parsing Remote Code Execution Vulnerability
2010-04-1300:00:00
Anonymous
www.zerodayinitiative.com
17
0.033 Low
EPSS
Percentile
91.3%
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server’s LDAP implementation and can be triggered via a malformed LDAP query to the ns_slapd service. When the service decodes the malformed extendedRequest query containing a malformed requestValue string, the application will cause a buffer overflow which can lead to code execution under the context of the service.
Related
prion
prion
Design/Logic Flaw
2010-04-13 22:30:00
nvd
nvd
CVE-2010-0897
2010-04-13 22:30:01
securityvulns
securityvulns
cve
cve
CVE-2010-0897
2010-04-13 22:30:01
zdi
zdi
openvas
openvas
Oracle Java System Directory Server Multiple Remote Vulnerabilities
2010-04-15 00:00:00
cvelist
cvelist
CVE-2010-0897
2010-04-13 22:00:00
oracle
oracle
Security | Oracle Critical Patch Update - April 2010
2010-04-13 00:00:00