iPlanet Information for VU#276944

iPlanet Directory Server contains multiple vulnerabilities in LDAP handling code



Vendor Statement

iPlanet is aware of the weakness identified in the CERT Alert CA-2001-18, regarding implementations of LDAP. The notice describes how different vendors handle conditions outside of the normal operating environment.

It is important to note that the notice does not present a technique to defeat information security, gain unauthorized access or affect data integrity. At this time, iPlanet is not aware of ANY successful breach of security using the information in the CERT Advisory.

The iPlanet Directory Server 5.0 released in May 2001 is not affected. iPlanet Directory Server 4.1.4 and earlier version are known to be affected. However, iPlanet has developed a fix included in iPlanet Directory Server 4.1.5 and is scheduled to ship within two weeks (on August 3, 2001). Alternatively, customers may choose to upgrade to iPlanet Directory Server 5.0

iPlanet customers with questions on this advisory are requested to contact iPlanet Technical Support who will provide full support and up-to-date information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



This statement can also be found at http://www.iplanet.com/products/platform_layer/cert_alert_ca200118.html.

If you have feedback, comments, or additional information about this vulnerability, please send us email.