A newly discovered flaw in Sun Microsystems Inc.'s LDAP-based directory server could allow unauthorized users to tamper with the system and execute arbitrary commands.
FrSIRT writes that, as a result, it is possible for remote attackers to use such requests to gain unauthorized access to a susceptible system and perform malicious actions.
Secunia has classified the problem as moderately critical. It was reportedly exposed by Peter Winter-Smith of UK-based vulnerability assessment firm NGS Software Ltd.
Affected users can eradicate the vulnerability by upgrading to System Directory Server 5.2 patch 4.
According to Sun, the Java System Directory Server is the most widely deployed general-purpose directory server based on Lightweight Director Access Protocol, with more than 1.5 billion entries. Used by enterprises to manage large volumes of user information, it is a software component of Sun's Java Identity Management Suite, the vendor's toolset for managing and securing network identity data.