CVE-2005-3269: Buffer Overflow
First published: Thu Oct 20 2005(Updated: )
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun ONE Administration Server | =5.2 | |
| Sun ONE Directory Server | =4.16 | |
| Sun ONE Directory Server | =5.1-sp3 | |
| Sun Java System Directory Server | =5.2 | |
| Sun ONE Directory Server | =5.1-sp4 | |
| Sun Java System Directory Proxy Server | =5.2-2005q1 | |
| Sun Java System Directory Proxy Server | =5.2-2003q4 | |
| Sun ONE Directory Server | =5.1-sp1 | |
| Sun ONE Directory Server | =5.1 | |
| Sun Java System Directory Proxy Server | =5.2-2004q2 | |
| Sun ONE Directory Server | =4.16-sp1 | |
| Sun ONE Directory Server | =5.1 | |
| Sun ONE Directory Server | =5.0_sp2 | |
| Sun Java System Directory Server | =5.2-2003q4 | |
| Sun Java System Directory Server | =5.2-2005q1 | |
| Sun ONE Directory Server | =5.0-sp1 | |
| Sun ONE Directory Server | =5.1-sp3 | |
| Sun ONE Directory Server | =5.0 | |
| Sun Java System Directory Server | =5.2-2004q2 | |
| Sun ONE Directory Server | =5.1-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-117665-03-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102002-1
- http://securitytracker.com/id?1015014
- http://securitytracker.com/id?1015537
- http://securitytracker.com/id?1015536
- http://secunia.com/advisories/18590
- http://secunia.com/advisories/17092
- http://www.securityfocus.com/bid/15013
- http://www.securityfocus.com/bid/16345
- http://securitytracker.com/id?1015538
- http://securityreason.com/securityalert/367
- http://securityreason.com/securityalert/51
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-228419-1
- http://www.vupen.com/english/advisories/2005/1988
- http://marc.info/?l=bugtraq&m=113815459026080&w=2
- http://marc.info/?l=bugtraq&m=112862037500012&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24311
Frequently Asked Questions
What is the severity of CVE-2005-3269?
CVE-2005-3269 has a medium severity level due to the potential for remote code execution via a stack-based buffer overflow.
How do I fix CVE-2005-3269?
To mitigate CVE-2005-3269, upgrade to a patched version of Sun Java System Directory Server or related products that address this vulnerability.
Which versions are affected by CVE-2005-3269?
CVE-2005-3269 affects Sun Java System Directory Server 5.2, various versions of Sun ONE Directory Server, and Red Hat Directory Server before 7.1 SP1.
Can CVE-2005-3269 be exploited remotely?
Yes, CVE-2005-3269 can be exploited remotely due to the vulnerability being present in the HTTP administrative interface.
What are the potential impacts of CVE-2005-3269?
The exploitation of CVE-2005-3269 could lead to unauthorized execution of arbitrary code on the affected server.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/sun
- canonical/sun one administration server
- version/sun one administration server/5.2
- canonical/sun one directory server
- version/sun one directory server/4.16
- version/sun one directory server/5.1-sp3
- canonical/sun java system directory server
- version/sun java system directory server/5.2
- version/sun one directory server/5.1-sp4
- canonical/sun java system directory proxy server
- version/sun java system directory proxy server/5.2-2005q1
- version/sun java system directory proxy server/5.2-2003q4
- version/sun one directory server/5.1-sp1
- version/sun one directory server/5.1
- version/sun java system directory proxy server/5.2-2004q2
- version/sun one directory server/4.16-sp1
- version/sun one directory server/5.0_sp2
- version/sun java system directory server/5.2-2003q4
- version/sun java system directory server/5.2-2005q1
- version/sun one directory server/5.0-sp1
- version/sun one directory server/5.0
- version/sun java system directory server/5.2-2004q2
- version/sun one directory server/5.1-sp2