[VIM] ZDI-10-074: Sun Microsystems Directory Server Enterprise ASN.1 Parsing Remote Code Execution Vulnerability
ZDI Disclosures
zdi-disclosures at tippingpoint.com
Mon Apr 26 14:20:01 UTC 2010
Hello Brian,
Yes, according to Sun they should indeed have the same CVE ID CVE-2010-0897. There is also a third case with this ID as well. All three are listed below.
ZDI-10-073
ZDI-10-074
ZDI-10-075
Kind regards,
Kate
-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org]
Sent: Saturday, April 17, 2010 4:38 AM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: Re: ZDI-10-074: Sun Microsystems Directory Server Enterprise ASN.1 Parsing Remote Code Execution Vulnerability
Hi ZDI,
: ZDI-10-074: Sun Microsystems Directory Server Enterprise ASN.1 Parsing Remote Code Execution Vulnerability
: http://www.zerodayinitiative.com/advisories/ZDI-10-074
: CVE-2010-0897
: ZDI-10-075: Sun Microsystems Directory Server Enterprise DSML UTF-8 Denial of Service Vulnerability
: http://www.zerodayinitiative.com/advisories/ZDI-10-075
: CVE-2010-0897
Can you confirm these should have the same CVE? The CVE is currently vague but specifies "Directory Service Markup Language" suggesting 075 is correct, but the CVE associated with 074 is incorrect.
Brian
OSVDB.org
More information about the VIM
mailing list