VULHUB ™

BUGTRAQ ID: 34150 CVE(CAN) ID: CVE-2009-1219 Sun Java System Calendar Server是Sun Java System通信套件中的日程服务器组件。 如果远程攻击者向Calendar Server连续两次发送特制的HTTP请求并在tzid参数中设置了字母字符的话，就会导致Calendar Server进程崩溃，可能留下类似于以下栈追踪的崩溃dump，具体取决于系统配置： $ pstack core ... ... ----------------- lwp# 4 / thread# 4 -------------------- ff05ff40 shtml_finishlogin (6db6c10, 201f8, 6ee7e26, 6e7471ff, 80808080, 1010101) + 160 0001dff4 cmd_login (6db6c10, 1, 0, 687474, 80808080, 1010101) + 364 00017f78 cshttpd_post_cb (6db6c10, 2d26ad, 6f07dc0, 6d, 1, 2e000000) + 470 fed8ff88 cmd_post (6db6c10, 2d26ad, 6f07dc0, 6d, 6f07dc0, baddc800) + 1b8 fed8f2a8 cmd_exec (6db6c10, 4, 2, 0, 0, 0) + da8 fed8d8cc cmdloop (6db6c10, fa8bce9c, 2000, ff000000, 0, 0) + 3bc fed8c4f0 sock_readable (6db6c10, 1000, fe7ecbc0, fc922400, 5b35bc, 0) + 2f0 feb45564 GDispCx_Dispatch (5b3544, 6f61c04, 6e6300c, fc922400, 5b3634, 0) + 174 feb45b78 GDispCx_InternalWork (6e6300c, fa8c0000, 0, 0, feb45798, 1) + 3e0 fe7c04f4 _lwp_start (0, 0, 0, 0, 0, 0) ... ......

BUGTRAQ ID: 34150 CVE(CAN) ID: CVE-2009-1219 Sun Java System Calendar Server是Sun Java System通信套件中的日程服务器组件。 如果远程攻击者向Calendar Server连续两次发送特制的HTTP请求并在tzid参数中设置了字母字符的话，就会导致Calendar Server进程崩溃，可能留下类似于以下栈追踪的崩溃dump，具体取决于系统配置： $ pstack core ... ... ----------------- lwp# 4 / thread# 4 -------------------- ff05ff40 shtml_finishlogin (6db6c10, 201f8, 6ee7e26, 6e7471ff, 80808080, 1010101) + 160 0001dff4 cmd_login (6db6c10, 1, 0, 687474, 80808080, 1010101) + 364 00017f78 cshttpd_post_cb (6db6c10, 2d26ad, 6f07dc0, 6d, 1, 2e000000) + 470 fed8ff88 cmd_post (6db6c10, 2d26ad, 6f07dc0, 6d, 6f07dc0, baddc800) + 1b8 fed8f2a8 cmd_exec (6db6c10, 4, 2, 0, 0, 0) + da8 fed8d8cc cmdloop (6db6c10, fa8bce9c, 2000, ff000000, 0, 0) + 3bc fed8c4f0 sock_readable (6db6c10, 1000, fe7ecbc0, fc922400, 5b35bc, 0) + 2f0 feb45564 GDispCx_Dispatch (5b3544, 6f61c04, 6e6300c, fc922400, 5b3634, 0) + 174 feb45b78 GDispCx_InternalWork (6e6300c, fa8c0000, 0, 0, feb45798, 1) + 3e0 fe7c04f4 _lwp_start (0, 0, 0, 0, 0, 0) ... ... Sun Java System Calendar Server 6.3 Sun --- Sun已经为此发布了一个安全公告（Sun-Alert-255008）以及相应补丁: Sun-Alert-255008：Security Vulnerability in Sun Java System Calendar Server 6.3 May Allow Denial of Service (DoS) 链接：<a href=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-255008-1 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-255008-1</a>