Vulnerability Note VU#258905
Multiple implementations of LDAP Directory Server vulnerable to buffer overflow
Overview
A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code.
Description
The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing network-based directories. A lack of bounds checking in some implementations of the LDAP protocol may allow a buffer used to generate error messages to overflow. If a remote unauthenticated attacker supplies an LDAP server with a specially crafted request, they may be able to trigger the buffer overflow to compromise the vulnerable server.
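The advisory does not publish the affected code. As an added illustration of the defect class it describes (not taken from this note or from any vendor's implementation), the C function below builds an error message from a request-supplied value into a fixed buffer with explicit bounds checks, truncation and escaping. The name `format_ldap_error`, the message text and the 64-byte minimum buffer size are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not vendor code): builds the diagnostic
 * text of an LDAP error response from a request-supplied value such as a DN.
 * `val` is a length-delimited octet string and may not be NUL-terminated.
 * Returns the number of bytes written (excluding the NUL), or -1 if the
 * output buffer is unusable. Never writes past out[outlen - 1]. */
int format_ldap_error(char *out, size_t outlen, int result_code,
                      const unsigned char *val, size_t val_len)
{
    static const char hex[] = "0123456789abcdef";
    static const char tail[] = "...'";   /* truncation marker + closing quote */
    size_t pos, i;
    int n;

    if (out == NULL || outlen < 64)      /* room for prefix and tail marker */
        return -1;

    /* Fixed prefix: bounded snprintf instead of sprintf/strcpy. */
    n = snprintf(out, outlen, "error %d: invalid value '", result_code);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    pos = (size_t)n;

    for (i = 0; i < val_len; i++) {
        unsigned char c = val[i];
        int printable = (c >= 0x20 && c < 0x7f && c != '\'' && c != '\\');
        size_t need = printable ? 1 : 4; /* non-printables become "\xNN" */

        /* Stop while there is still space for the tail marker and the NUL. */
        if (pos + need + sizeof(tail) > outlen) {
            memcpy(out + pos, tail, sizeof(tail));   /* copies the NUL too */
            return (int)(pos + sizeof(tail) - 1);
        }
        if (printable) {
            out[pos++] = (char)c;
        } else {
            out[pos++] = '\\'; out[pos++] = 'x';
            out[pos++] = hex[c >> 4]; out[pos++] = hex[c & 0x0f];
        }
    }
    out[pos++] = '\'';
    out[pos] = '\0';
    return (int)pos;
}
```

The length of the message is decided by the size of the destination buffer, not by the length of the request field, so an oversized value is truncated instead of overrunning the buffer.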
Impact
A remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable LDAP server with the privileges of the compromised LDAP process, or crash the LDAP process resulting in a denial-of-service condition.
Solution
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.
Limit Access
Block or restrict access to the LDAP service (389/tcp or 636/tcp) on affected systems from untrusted networks such as the Internet. Sites, particularly those that are not able to apply the appropriate patches, are encouraged to consider implementing this workaround. Note that this change may break some desired functionality depending on particular site configuration details. As a general rule and a matter of good security practice, the CERT/CC recommends blocking access to all services that are not explicitly required.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer Inc. | Not Vulnerable | 09 Dec 2004 | 14 Jan 2005 |
| Conectiva | Unknown | 09 Dec 2004 | 14 Jan 2005 |
| Cray Inc. | Unknown | 09 Dec 2004 | 14 Jan 2005 |
| Cybozu | Not Vulnerable | 10 Dec 2004 | 14 Jan 2005 |
| Debian | Unknown | 09 Dec 2004 | 14 Jan 2005 |
| EMC Corporation | Unknown | 09 Dec 2004 | 14 Jan 2005 |
| Engarde | Unknown | 09 Dec 2004 | 14 Jan 2005 |
| F5 Networks | Unknown | 09 Dec 2004 | 14 Jan 2005 |
| FreeBSD | Unknown | 09 Dec 2004 | 14 Jan 2005 |
| Fujitsu | Unknown | 10 Dec 2004 | 14 Jan 2005 |
| Hewlett-Packard Company | Vulnerable | 09 Dec 2004 | 14 Jan 2005 |
| Hitachi | Vulnerable | 10 Dec 2004 | 14 Jan 2005 |
| IBM | Unknown | 09 Dec 2004 | 14 Jan 2005 |
| Immunix | Unknown | 09 Dec 2004 | 14 Jan 2005 |
| Ingrian Networks | Unknown | 09 Dec 2004 | 14 Jan 2005 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.ietf.org/rfc/rfc2251.txt
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-1236
- Additional information is available in Japanese at: http://jvn.jp/jp/JVN%231BF8D7AA.html
Credit
Thanks to HIRT (Hitachi Incident Response Team).
This document was written by Damon Morda, Stacey Stewart and Jeffrey Gennari.
Other Information
- CVE IDs: CAN-2004-1236
- Date Public: 11 Jan 2005
- Date First Published: 11 Jan 2005
- Date Last Updated: 14 Jan 2005
- Severity Metric: 7.87
- Document Revision: 48
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify