Notified: April 06, 2001 Updated: July 27, 2001
iPlanet is aware of the weakness identified in the CERT Alert CA-2001-18, regarding implementations of LDAP. The notice describes how different vendors handle conditions outside of the normal operating environment. It is important to note that the notice does not present a technique to defeat information security, gain unauthorized access or affect data integrity. At this time, iPlanet is not aware of ANY successful breach of security using the information in the CERT Advisory. The iPlanet Directory Server 5.0 released in May 2001 is not affected. iPlanet Directory Server 4.1.4 and earlier version are known to be affected. However, iPlanet has developed a fix included in iPlanet Directory Server 4.1.5 and is scheduled to ship within two weeks (on August 3, 2001). Alternatively, customers may choose to upgrade to iPlanet Directory Server 5.0 iPlanet customers with questions on this advisory are requested to contact iPlanet Technical Support who will provide full support and up-to-date information.
The vendor has not provided us with any further information regarding this vulnerability.
This statement can also be found at http://www.iplanet.com/products/platform_layer/cert_alert_ca200118.html.