A buffer overflow flaw exists in the way that the Lightweight Directory Access Protocol (LDAP) server included with the IMail Server handles messages with overly long tags. This results in a vulnerability that can be exploited by a remote attacker who has the ability to supply a specially crafted message to the server.
NOTE: The CERT/CC is aware of publicly available exploit code for this vulnerability and has received reports of active reconnaissance for, and exploitation of, vulnerable systems.
A remote attacker may be able to execute arbitrary code in the context of Administrator on vulnerable systems running Windows 2000 or Windows XP. Furthermore, successful exploitation has been reported to cause the LDAP service to crash, resulting in a denial-of-service condition.
Apply a patch from the vendor
Filter network traffic for the LDAP service
Thanks to iDefense Labs for reporting this vulnerability.
This document was written by Chad R Dougherty.
|Date First Published:||2004-02-23|
|Date Last Updated:||2004-03-19 19:47 UTC|