Systems With Sun Java Enterprise System Installed May Hang Due to a Memory Leak in the Network Security Services (NSS) Software

Category: Availability, Security
Release Phase: Resolved
Product: Sun Java Enterprise System 2003Q4, Sun Java Enterprise System 2005Q1, Sun Java Enterprise System 2004Q2
Bug Id: 6421471
Date of Workaround Release: 13-JUN-2006
Date of Resolved Release: 17-JUL-2006

Impact
A local or remote unprivileged user may be able to cause systems which have installed the Sun Java Enterprise System (JES) along with the patches listed below in Section 2 to become unresponsive or hang. This is a Denial of Service (DoS) due to a memory leak in the Network Security Services (NSS) software which is used by many of the Sun Java Enterprise System components such as the Sun Java System Application Server, the Sun Java System Web Server, and the Sun Java System Portal Server.
NSS is an open source project which adds support for SSL, S/MIME, and other Internet security standards to the Sun Java Enterprise System. Further information about NSS can be found at http://www.mozilla.org/projects/security/pki/nss/
This issue is also described in CVE-2006-3127 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3127
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Sun Java Enterprise System 2003Q4, 2004Q2 and 2005Q1 (for Solaris 8) with patch 119209-07 and without patch 119209-08
- Sun Java Enterprise System 2003Q4, 2004Q2 and 2005Q1 (for Solaris 9) with patch 119211-07 and without patch 119211-08
- Sun Java Enterprise System 2005Q1 (for Solaris 10) with patch 119213-07 and without patch 119213-08
x86 Platform
- Sun Java Enterprise System 2003Q4, 2004Q2 and 2005Q1 (for Solaris 9) with patch 119212-07 and without patch 119212-08
- Sun Java Enterprise System 2005Q1 (for Solaris 10) with patch 119214-07 and without patch 119214-08
Linux Platform
- Sun Java Enterprise System 2003Q4, 2004Q2 and 2005Q1 (for Linux) with patch 121656-07 and without patch 121656-08
Notes:
- Sun Java Enterprise System is not available for Solaris 8 on the x86 platform.
- Only NSS version 3.11 is impacted by this issue.
To determine if the NSS packages are installed on a system, the following command can be run:
% pkginfo SUNWtls
To determine the version of NSS on a system, the following command can be run:
% pkgparam SUNWtls SUNW_PRODVERS
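The "with patch -07 and without patch -08" condition above can be checked mechanically. The following is an added example, not part of the original advisory: it assumes patch data in the Solaris `showrev -p` line format ("Patch: <id>-<rev> ..."), and the sample input, the `999999-01` patch and the `SUNWexample` package are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host against the patch table.
# Base patch IDs and the -07 / -08 revisions are the ones listed in the advisory.
ADVISORY_PATCHES="119209 119211 119212 119213 119214 121656"

# Constructed sample of `showrev -p` output for a Solaris 10 SPARC host.
# 999999-01 and SUNWexample are placeholders, not real identifiers.
sample_showrev() {
    cat <<'EOF'
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 119213-07 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWtls
EOF
}

# Reads patch lines on stdin, prints "<id>-<highest rev> <STATE>" per advisory patch.
jes_nss_status() {
    awk -v ids="$ADVISORY_PATCHES" '
    BEGIN { n = split(ids, list, " "); for (i = 1; i <= n; i++) want[list[i]] = 1 }
    $1 == "Patch:" && split($2, p, "-") == 2 && (p[1] in want) {
        rev = p[2] + 0
        if (rev == 7) has07[p[1]] = 1
        if (!(p[1] in max) || rev > max[p[1]]) max[p[1]] = rev
    }
    END {
        for (i = 1; i <= n; i++) {
            id = list[i]
            if (!(id in max)) continue
            if (max[id] >= 8)     state = "FIXED"        # -08 or later present
            else if (id in has07) state = "AFFECTED"     # -07 without -08
            else                  state = "NOT_LISTED"   # below -07
            printf "%s-%02d %s\n", id, max[id], state
        }
    }'
}

sample_showrev | jes_nss_status
```

On a Solaris host the same function can be fed directly with `showrev -p | jes_nss_status`. An AFFECTED result should still be read together with the NSS version reported by the `pkgparam` command above, since only NSS 3.11 is impacted.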
Symptoms
The system will become unresponsive and "hang". Applications on the system, such as Sun Java System Application Server or Sun Java System Web Server, will no longer respond to client requests.
Workaround
To work around the described issue, back out the applicable patch (119209-07, 119211-07, 119212-07, 119213-07, 119214-07 or 121656-07), according to which operating system version is installed.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Sun Java Enterprise System 2003Q4, 2004Q2 and 2005Q1 (for Solaris 8) with patch 119209-08 or later
- Sun Java Enterprise System 2003Q4, 2004Q2 and 2005Q1 (for Solaris 9) with patch 119211-08 or later
- Sun Java Enterprise System 2005Q1 (for Solaris 10) with patch 119213-08 or later
x86 Platform
- Sun Java Enterprise System 2003Q4, 2004Q2 and 2005Q1 (for Solaris 9) with patch 119212-08 or later
- Sun Java Enterprise System 2005Q1 (for Solaris 10) with patch 119214-08 or later
Linux Platform
- Sun Java Enterprise System 2003Q4, 2004Q2 and 2005Q1 (for Linux) with patch 121656-08 or later
Modification History
17-Jul-2006:
- Updated Contributing Factors and Resolution sections
- State: Resolved
19-Jul-2006:
21-Jul-2006:
- Updated Contributing Factors and Resolution sections
Attachments
This solution has no attachment