Sun has acknowledged a vulnerability in Sun ONE/Java System Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is caused by a boundary error in the access control implementation when handling LDAP requests. This can be exploited to cause a buffer overflow via a specially crafted, invalid LDAP request.
Successful exploitation crashes the LDAP service or allows execution of arbitrary code with the privileges of the LDAP process.
SOFTWARE:
Sun Java System Directory Server 5.x
ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57754-1
VERIFY ADVISORY:
http://secunia.com/advisories/14960/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050418204421652