GHSA-pwc8-mq5g-v7jf

Published: 02 May 2022
Source: github
Github: Not reviewed

Description

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.

EPSS

Percentile: 78%
0.01144
Low

Weaknesses

CWE-362

Related vulnerabilities

nvd
about 16 years ago

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.
