SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#258905

Multiple implementations of LDAP Directory Server vulnerable to buffer overflow

Overview

A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code.

I. Description

The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing network based directories. A lack of bounds checking in some implementations of the LDAP protocol may allow a buffer used to generate error messages to overflow. If a remote unauthenticated attacker supplies a LDAP server with a specially crafted request, they may be able to trigger the buffer overflow to compromise the vulnerable server.

II. Impact

A remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable LDAP server with the privileges of the compromised LDAP process, or crash the LDAP process resulting in a denial-of-service condition.

III. Solution

Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.

Limit Access

Block or restrict access to the LDAP service (389/tcp or 636/tcp) on affected systems from untrusted networks such as the Internet. Sites, particularly those who are not able to apply the appropriate patches, are encouraged to consider implementing this workaround. Note that this change may break some desired functionality depending on particular site configuration details. As a general rule and a matter of good security practice, the CERT/CC recommends blocking access to all services that are not explicitly required.

Systems Affected

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Not Vulnerable14-Jan-2005
ConectivaUnknown15-Dec-2004
Cray Inc.Unknown15-Dec-2004
CybozuNot Vulnerable13-Jan-2005
DebianUnknown15-Dec-2004
EMC CorporationUnknown15-Dec-2004
EngardeUnknown15-Dec-2004
F5 NetworksUnknown15-Dec-2004
FreeBSDUnknown16-Dec-2004
FujitsuUnknown13-Jan-2005
Hewlett-Packard CompanyVulnerable11-Jan-2005
HitachiVulnerable13-Jan-2005
IBMUnknown15-Dec-2004
ImmunixUnknown15-Dec-2004
Ingrian NetworksUnknown15-Dec-2004
Juniper NetworksNot Vulnerable11-Jan-2005
Lotus SoftwareNot Vulnerable16-Dec-2004
MandrakeSoftUnknown15-Dec-2004
Microsoft CorporationUnknown5-Jan-2005
MontaVista SoftwareUnknown15-Dec-2004
NEC CorporationNot Vulnerable13-Jan-2005
NETBSDUnknown16-Dec-2004
Netscape Communications CorporationVulnerable11-Jan-2005
NokiaUnknown16-Dec-2004
Nortel NetworksUnknown15-Dec-2004
NovellUnknown15-Dec-2004
OpenLDAPNot Vulnerable11-Jan-2005
Openwall GNU/*/LinuxUnknown15-Dec-2004
Oracle CorporationUnknown15-Dec-2004
PADL SoftwareUnknown17-Dec-2004
QUALCOMMUnknown17-Dec-2004
QualityNot Vulnerable13-Jan-2005
Red Hat Inc.Vulnerable10-Jan-2005
SCOUnknown15-Dec-2004
SGIUnknown15-Dec-2004
Sony CorporationUnknown15-Dec-2004
SuSE Inc.Not Vulnerable11-Jan-2005
TeamwareUnknown17-Dec-2004
Trend MicroUnknown13-Jan-2005
UnisysUnknown15-Dec-2004
Wind River Systems Inc.Unknown15-Dec-2004

References


http://www.ietf.org/rfc/rfc2251.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-1236
Additional information is available in Japanese at:
http://jvn.jp/jp/JVN%231BF8D7AA.html

Credit

Thanks to HIRT (Hitachi Incident Response Team).

This document was written by Damon Morda, Stacey Stewart and Jeffrey Gennari.

Other Information

Date Public:2005-01-11
Date First Published:2005-01-11
Date Last Updated:2005-01-14
CERT Advisory: 
CVE-ID(s):CAN-2004-1236
NVD-ID(s):CAN-2004-1236
US-CERT Technical Alerts: 
Metric:7.87
Document Revision:48

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader