Notified:  May 09, 2001 Updated: July 16, 2001

Status

Affected

Vendor Statement

An issue has been discovered with Teamware Office Enterprise Directory (LDAP server) that shows a abnormal termination or loop when the LDAP server encounters a maliciously or incorrectly created LDAP request data. If the maliciously formatted LDAP request data is requested, the LDAP server may excessively copy the LDAP request data to the stack area. This overflow is likely to cause execution of malicious code. In other case, the LDAP server may go into abnormal termination or infinite loop.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Teamware has provided additional documentation of these issues in their "Teamware Solution Database", available at: http://support.teamw.com/Online/s_database1.shtml Registered users can find information on these vulnerabilities by searching for document #010703-0000 for Windows NT or document #010703-0001 for Solaris.