Teamware Information for VU#688960

Teamware Office contains multiple vulnerabilities in LDAP handling code

Status

Affected

Vendor Statement

An issue has been discovered with Teamware Office Enterprise Directory (LDAP server) that shows a abnormal termination or loop when the LDAP server encounters a maliciously or incorrectly created LDAP request data.

If the maliciously formatted LDAP request data is requested, the LDAP server may excessively copy the LDAP request data to the stack area.

This overflow is likely to cause execution of malicious code. In other case, the LDAP server may go into abnormal termination or infinite loop.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Teamware has provided additional documentation of these issues in their "Teamware Solution Database", available at:


Registered users can find information on these vulnerabilities by searching for document #010703-0000 for Windows NT or document #010703-0001 for Solaris.

If you have feedback, comments, or additional information about this vulnerability, please send us email.