Vulnerability Note VU#258905
Multiple implementations of LDAP Directory Server vulnerable to buffer overflow
A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code.
The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing network based directories. A lack of bounds checking in some implementations of the LDAP protocol may allow a buffer used to generate error messages to overflow. If a remote unauthenticated attacker supplies a LDAP server with a specially crafted request, they may be able to trigger the buffer overflow to compromise the vulnerable server.
A remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable LDAP server with the privileges of the compromised LDAP process, or crash the LDAP process resulting in a denial-of-service condition.
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.
Block or restrict access to the LDAP service (389/tcp or 636/tcp) on affected systems from untrusted networks such as the Internet. Sites, particularly those who are not able to apply the appropriate patches, are encouraged to consider implementing this workaround. Note that this change may break some desired functionality depending on particular site configuration details. As a general rule and a matter of good security practice, the CERT/CC recommends blocking access to all services that are not explicitly required.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hewlett-Packard Company||Affected||09 Dec 2004||11 Jan 2005|
|Hitachi||Affected||10 Dec 2004||13 Jan 2005|
|Netscape Communications Corporation||Affected||-||11 Jan 2005|
|Red Hat Inc.||Affected||09 Dec 2004||10 Jan 2005|
|Apple Computer Inc.||Not Affected||09 Dec 2004||14 Jan 2005|
|Cybozu||Not Affected||10 Dec 2004||13 Jan 2005|
|Juniper Networks||Not Affected||09 Dec 2004||11 Jan 2005|
|Lotus Software||Not Affected||09 Dec 2004||16 Dec 2004|
|NEC Corporation||Not Affected||10 Dec 2004||13 Jan 2005|
|OpenLDAP||Not Affected||09 Dec 2004||11 Jan 2005|
|Quality||Not Affected||10 Dec 2004||13 Jan 2005|
|SuSE Inc.||Not Affected||09 Dec 2004||11 Jan 2005|
|Conectiva||Unknown||09 Dec 2004||15 Dec 2004|
|Cray Inc.||Unknown||09 Dec 2004||15 Dec 2004|
|Debian||Unknown||09 Dec 2004||15 Dec 2004|
CVSS Metrics (Learn More)
- Additional information is available in Japanese at:
Thanks to HIRT (Hitachi Incident Response Team).
This document was written by Damon Morda, Stacey Stewart and Jeffrey Gennari.
- CVE IDs: CAN-2004-1236
- Date Public: 11 Jan 2005
- Date First Published: 11 Jan 2005
- Date Last Updated: 14 Jan 2005
- Severity Metric: 7.87
- Document Revision: 48
If you have feedback, comments, or additional information about this vulnerability, please send us email.