A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code.
The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing network based directories. A lack of bounds checking in some implementations of the LDAP protocol may allow a buffer used to generate error messages to overflow. If a remote unauthenticated attacker supplies a LDAP server with a specially crafted request, they may be able to trigger the buffer overflow to compromise the vulnerable server.
A remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable LDAP server with the privileges of the compromised LDAP process, or crash the LDAP process resulting in a denial-of-service condition.
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.
Block or restrict access to the LDAP service (389/tcp or 636/tcp) on affected systems from untrusted networks such as the Internet. Sites, particularly those who are not able to apply the appropriate patches, are encouraged to consider implementing this workaround. Note that this change may break some desired functionality depending on particular site configuration details. As a general rule and a matter of good security practice, the CERT/CC recommends blocking access to all services that are not explicitly required.
Thanks to HIRT (Hitachi Incident Response Team).
This document was written by Damon Morda, Stacey Stewart and Jeffrey Gennari.
|Date First Published:||2005-01-11|
|Date Last Updated:||2005-01-14 21:38 UTC|