Multiple vulnerabilities exist in different vendors' X.400 implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code.
The U.K. National Infrastructure Security Co-ordination Center (NISCC) has reported multiple vulnerabilities in different vendors' implementations of the X.400 protocols. X.400 is the short name for the set of standards defined by the ISO and the ITU that describe a messaging service. These protocols are widely used in email transport applications among other services.
Messages using the X.400 protocols are normally exchanged utilizing Basic Encoding Rules (BER) encoded ASN.1 data structures. Crafted messages that do not correctly conform to the X.400 ASN.1 definitions may cause a receiving X.400 system to behave in an unpredictable way. A test suite developed by NISCC has exposed vulnerabilities in a variety of X.400 implementations. While most of these vulnerabilities exist in ASN.1 parsing routines, some vulnerabilities may occur elsewhere.
Further information is available in NISCC Vulnerability Advisory - 006489/X400
The impacts associated with these vulnerabilities include denial of service, and potential execution of arbitrary code.
Patch or Upgrade
These vulnerabilities were discovered and researched by the NISCC Vulnerability Management Team.
|Date First Published:||2003-11-04|
|Date Last Updated:||2003-12-08 18:41 UTC|