CVE-2005-3269

Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-21-117665-03-1	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102002-1
http://securitytracker.com/id?1015014
http://securitytracker.com/id?1015537
http://securitytracker.com/id?1015536
http://secunia.com/advisories/18590	Vendor Advisory
http://secunia.com/advisories/17092	Vendor Advisory
http://www.securityfocus.com/bid/15013
http://www.securityfocus.com/bid/16345
http://securitytracker.com/id?1015538
http://securityreason.com/securityalert/367
http://securityreason.com/securityalert/51
http://sunsolve.sun.com/search/document.do?assetkey=1-66-228419-1
http://www.vupen.com/english/advisories/2005/1988	Vendor Advisory
http://marc.info/?l=bugtraq&m=113815459026080&w=2
http://marc.info/?l=bugtraq&m=112862037500012&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/24311

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:java_system_directory_server:5.2:2004q2::::::
	cpe:2.3:a:sun:java_system_directory_server:5.2:2005q1::::::
	cpe:2.3:a:sun:one_directory_server:5.1::x86:::::
	cpe:2.3:a:sun:one_directory_server:5.1:sp1::::::
	cpe:2.3:a:sun:java_system_directory_server:5.2:::::::*
	cpe:2.3:a:sun:java_system_directory_server:5.2:2003q4::::::
	cpe:2.3:a:sun:one_directory_server:5.0:sp1::::::
	cpe:2.3:a:sun:one_directory_server:5.0_sp2:::::::*
	cpe:2.3:a:sun:one_directory_server:5.1:::::::*
	cpe:2.3:a:sun:java_system_directory_proxy_server:5.2:2003q4::::::
	cpe:2.3:a:sun:one_administration_server:5.2:::::::*
	cpe:2.3:a:sun:one_directory_server:4.16:::::::*
	cpe:2.3:a:sun:one_directory_server:5.1:sp3::::::
	cpe:2.3:a:sun:one_directory_server:5.1:sp4::::::
	cpe:2.3:a:sun:java_system_directory_proxy_server:5.2:2005q1::::::
	cpe:2.3:a:sun:java_system_directory_proxy_server:5.2:2004q2::::::
	cpe:2.3:a:sun:one_directory_server:4.16:sp1::::::
	cpe:2.3:a:sun:one_directory_server:5.1:sp3:x86:::::*
	cpe:2.3:a:sun:one_directory_server:5.0:::::::*
	cpe:2.3:a:sun:one_directory_server:5.1:sp2::::::

Information

Published : 2005-10-20 16:02

Updated : 2017-07-10 18:33

NVD link : CVE-2005-3269

Mitre link : CVE-2005-3269

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

sun

one_directory_server
java_system_directory_server
java_system_directory_proxy_server
one_administration_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117665-03-1", "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117665-03-1", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102002-1", "name": "102002", "tags": [], "refsource": "SUNALERT"}, {"url": "http://securitytracker.com/id?1015014", "name": "1015014", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1015537", "name": "1015537", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1015536", "name": "1015536", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/18590", "name": "18590", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/17092", "name": "17092", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/15013", "name": "15013", "tags": [], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/16345", "name": "16345", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1015538", "name": "1015538", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securityreason.com/securityalert/367", "name": "367", "tags": [], "refsource": "SREASON"}, {"url": "http://securityreason.com/securityalert/51", "name": "51", "tags": [], "refsource": "SREASON"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-228419-1", "name": "228419", "tags": [], "refsource": "SUNALERT"}, {"url": "http://www.vupen.com/english/advisories/2005/1988", "name": "ADV-2005-1988", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=113815459026080&w=2", "name": "20060122 High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=112862037500012&w=2", "name": "20051006 High Risk Vulnerability in Sun Directory Server", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24311", "name": "redhat-directory-admin-bo(24311)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-3269", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-10-20T23:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_server:5.2:2004q2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_server:5.2:2005q1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.1:*:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_server:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_server:5.2:2003q4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.0_sp2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_proxy_server:5.2:2003q4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_administration_server:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:4.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.1:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.1:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_proxy_server:5.2:2005q1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_proxy_server:5.2:2004q2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:4.16:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.1:sp3:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:one_directory_server:5.1:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:33Z"}

7.5 /10