kjkoster
29-10-2008, 06:56
Dear All,
It seems that there was a serious problem with the LDAP library that has been distributed with the JDK. This means that Sun's Java Access manager is also vulnerable.
Sun's bug report (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6711620) for this bug is hidden, but they did propose a fix for the LDAP vulnerability (http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1).
The advisory can be found here (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4747).
Kees Jan
It seems that there was a serious problem with the LDAP library that has been distributed with the JDK. This means that Sun's Java Access manager is also vulnerable.
Sun's bug report (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6711620) for this bug is hidden, but they did propose a fix for the LDAP vulnerability (http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1).
The advisory can be found here (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4747).
Kees Jan