Vulnerability Note VU#258905

Multiple implementations of LDAP Directory Server vulnerable to buffer overflow

Original Release date: 11 Jan 2005 | Last revised: 14 Jan 2005

Overview

A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code.

Description

The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing network based directories. A lack of bounds checking in some implementations of the LDAP protocol may allow a buffer used to generate error messages to overflow. If a remote unauthenticated attacker supplies a LDAP server with a specially crafted request, they may be able to trigger the buffer overflow to compromise the vulnerable server.

Impact

A remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable LDAP server with the privileges of the compromised LDAP process, or crash the LDAP process resulting in a denial-of-service condition.

Solution

Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.

Limit Access

Block or restrict access to the LDAP service (389/tcp or 636/tcp) on affected systems from untrusted networks such as the Internet. Sites, particularly those who are not able to apply the appropriate patches, are encouraged to consider implementing this workaround. Note that this change may break some desired functionality depending on particular site configuration details. As a general rule and a matter of good security practice, the CERT/CC recommends blocking access to all services that are not explicitly required.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyAffected09 Dec 200411 Jan 2005
HitachiAffected10 Dec 200413 Jan 2005
Netscape Communications CorporationAffected-11 Jan 2005
Red Hat Inc.Affected09 Dec 200410 Jan 2005
Apple Computer Inc.Not Affected09 Dec 200414 Jan 2005
CybozuNot Affected10 Dec 200413 Jan 2005
Juniper NetworksNot Affected09 Dec 200411 Jan 2005
Lotus SoftwareNot Affected09 Dec 200416 Dec 2004
NEC CorporationNot Affected10 Dec 200413 Jan 2005
OpenLDAPNot Affected09 Dec 200411 Jan 2005
QualityNot Affected10 Dec 200413 Jan 2005
SuSE Inc.Not Affected09 Dec 200411 Jan 2005
ConectivaUnknown09 Dec 200415 Dec 2004
Cray Inc.Unknown09 Dec 200415 Dec 2004
DebianUnknown09 Dec 200415 Dec 2004
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to HIRT (Hitachi Incident Response Team).

This document was written by Damon Morda, Stacey Stewart and Jeffrey Gennari.

Other Information

  • CVE IDs: CAN-2004-1236
  • Date Public: 11 Jan 2005
  • Date First Published: 11 Jan 2005
  • Date Last Updated: 14 Jan 2005
  • Severity Metric: 7.87
  • Document Revision: 48

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.