Bug 490167 (CVE-2009-1093)

Summary: CVE-2009-1093 OpenJDK remote LDAP Denial-Of-Service (6717680)
Product: [Other] Security Response Reporter: Marc Schoenefeld <mschoene>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: kreilly, mjc, rbiba, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-10-12 13:48:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 490182, 490183, 492325, 492326, 492328, 492329, 500582, 500583, 506910, 506911, 540443    
Bug Blocks:    

Comment 2 Marc Schoenefeld 2009-03-26 10:06:39 UTC 
The LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).

5.0 Update 17 and earlier; 
6 Update 12 and earlier; 
SDK and JRE 1.3.1_24 and earlier; 
and 1.4.2_19 and earlier
Comment 5 errata-xmlrpc 2009-03-26 16:03:34 UTC 
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
Comment 6 errata-xmlrpc 2009-03-26 16:06:51 UTC 
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:0394 https://rhn.redhat.com/errata/RHSA-2009-0394.html
Comment 7 errata-xmlrpc 2009-04-07 18:36:45 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html
Comment 9 errata-xmlrpc 2009-05-18 20:28:37 UTC 
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1038 https://rhn.redhat.com/errata/RHSA-2009-1038.html
Comment 11 errata-xmlrpc 2009-08-06 21:30:52 UTC 
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1198 https://rhn.redhat.com/errata/RHSA-2009-1198.html
Comment 13 errata-xmlrpc 2009-12-11 13:43:15 UTC 
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.1

Via RHSA-2009:1662 https://rhn.redhat.com/errata/RHSA-2009-1662.html
Comment 14 errata-xmlrpc 2010-01-14 16:32:33 UTC 
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.3

Via RHSA-2010:0043 https://rhn.redhat.com/errata/RHSA-2010-0043.html