A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code.
The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing network based directories. A lack of bounds checking in some implementations of the LDAP protocol may allow a buffer used to generate error messages to overflow. If a remote unauthenticated attacker supplies a LDAP server with a specially crafted request, they may be able to trigger the buffer overflow to compromise the vulnerable server.
A remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable LDAP server with the privileges of the compromised LDAP process, or crash the LDAP process resulting in a denial-of-service condition.
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.
Block or restrict access to the LDAP service (389/tcp or 636/tcp) on affected systems from untrusted networks such as the Internet. Sites, particularly those who are not able to apply the appropriate patches, are encouraged to consider implementing this workaround. Note that this change may break some desired functionality depending on particular site configuration details. As a general rule and a matter of good security practice, the CERT/CC recommends blocking access to all services that are not explicitly required.
Hewlett-Packard Company Affected
Netscape Communications Corporation Affected
Red Hat Inc. Affected
Apple Computer Inc. Not Affected
Cybozu Not Affected
Juniper Networks Not Affected
Lotus Software Not Affected
NEC Corporation Not Affected
OpenLDAP Not Affected
Quality Not Affected
SuSE Inc. Not Affected
Cray Inc. Unknown
EMC Corporation Unknown
F5 Networks Unknown
Ingrian Networks Unknown
Microsoft Corporation Unknown
MontaVista Software Unknown
Nortel Networks Unknown
Openwall GNU/*/Linux Unknown
Oracle Corporation Unknown
PADL Software Unknown
Sony Corporation Unknown
Trend Micro Unknown
Wind River Systems Inc. Unknown
Thanks to HIRT (Hitachi Incident Response Team).
This document was written by Damon Morda, Stacey Stewart and Jeffrey Gennari.
|Date First Published:||2005-01-11|
|Date Last Updated:||2005-01-14 21:38 UTC|