Critical Path Information for VU#657547

Critical Path directory products contain multiple vulnerabilities in LDAP handling code

Status

Affected

Vendor Statement

Critical Path is committed to ensuring that all supported versions of the Directory Server are free of vulnerabilities of the type identified in the above referenced vulnerability note. The outcome of this will be at a minimum, a patch or upgrade to remove the vulnerability from each of the supported versions.

Please visit Critical Path InJoin Directory Server support pages at (http://support.cp.net/CP_Buffer_Overflow_Vulnerability.doc) for details on workarounds and patch availability information for the potential vulnerabilities discovered in the InJoin Directory Server.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.