J-Security Center

Title: Multiple Vendor LDAP Remote Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

Multiple vendor implementations of the LDAP protocol are reported to be prone to a remote buffer overflow vulnerability.

This vulnerability arises because the application does not perform proper boundary checks before copying user-supplied data into process buffers. Specifically, this issue affects a buffer that is used to generate error messages. As a result, an attacker can supply a payload containing excessive string data to overflow static buffers, leading to memory corruption.
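The bounded alternative to the unchecked error-message copy described above, as an added example that is not taken from any affected vendor's code. The function name, the message format and the 256-byte buffer size are assumptions, since the advisory gives none.

```c
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 256 /* assumed size; the advisory does not state one */

/* Pattern the advisory describes, shown only for contrast (not compiled):
 *     static char errbuf[ERRBUF_SIZE];
 *     sprintf(errbuf, "%s failed: invalid value \"%s\"", op, client_value);
 * Nothing limits client_value, so a long string writes past errbuf. */

/* Hardened form (hypothetical helper): the write is bounded by out_size.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int format_ldap_error(char *out, size_t out_size,
                      const char *op, const char *client_value)
{
    static const char mark[] = "..."; /* visible truncation marker */
    if (out == NULL || out_size == 0 || op == NULL || client_value == NULL)
        return -1;
    int n = snprintf(out, out_size, "%s failed: invalid value \"%s\"", op, client_value);
    if (n < 0)
        return -1;
    if ((size_t)n < out_size)
        return 0;
    if (out_size > sizeof mark) /* overwrite the tail, keeping the NUL */
        memcpy(out + out_size - sizeof mark, mark, sizeof mark);
    return 1;
}

/* Constructed input: 1000 'A' bytes standing in for an oversized client string.
 * Returns 1 when the message was truncated and the guard bytes are untouched. */
int demo_oversized_input(void)
{
    struct { char msg[ERRBUF_SIZE]; unsigned char guard[8]; } s;
    char big[1001];
    memset(big, 'A', 1000);
    big[1000] = '\0';
    memset(s.guard, 0x5A, sizeof s.guard);
    int rc = format_ldap_error(s.msg, sizeof s.msg, "bind", big);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5A)
            return -1;
    return (rc == 1 && strlen(s.msg) == ERRBUF_SIZE - 1) ? 1 : 0;
}

int main(void)
{
    printf("truncated safely: %d\n", demo_oversized_input());
    return 0;
}
```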

It should be noted that this issue may allow for arbitrary code execution. This can occur if the attacker's payload is crafted in a manner that includes large string data and replacement memory addresses to redirect process execution to arbitrary machine code supplied by the attacker. If successfully exploited, the arbitrary code would execute in the context of the LDAP process, potentially allowing the attacker to gain unauthorized access to the computer. Exploitation attempts may also result in a denial-of-service condition.

This issue was originally documented as a vulnerability in HP-UX Netscape Directory Server With LDAP; however, new information suggests that multiple vendors are affected by this vulnerability.

Hitachi has confirmed this issue in various versions of Hitachi Directory Server Version 2.

Red Hat has identified this issue in Netscape Directory Server 6.21 and earlier.

HP has confirmed this issue in various versions of HP-UX.

Affected Products:

  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • Hitachi Directory Server Version 2 P-1B44-A121 02-00
  • Hitachi Directory Server Version 2 P-1B44-A121 02-01
  • Hitachi Directory Server Version 2 P-1B44-A121 02-10
  • Hitachi Directory Server Version 2 P-1B44-A121 02-10-/P
  • Hitachi Directory Server Version 2 P-1B44-A121 02-10-/Q
  • Hitachi Directory Server Version 2 P-1B44-A121 02-10-/S
  • Hitachi Directory Server Version 2 P-2444-A124 02-00
  • Hitachi Directory Server Version 2 P-2444-A124 02-01
  • Hitachi Directory Server Version 2 P-2444-A124 02-10
  • Hitachi Directory Server Version 2 P-2444-A124 02-10-/D
  • Hitachi Directory Server Version 2 P-2444-A124 02-11
  • Hitachi Directory Server Version 2 P-2444-A124 02-11-/F
  • Hitachi Directory Server Version 2 P-2444-A124 02-11-/G
  • Hitachi Directory Server Version 2 P-2444-A124 02-11-/H
  • Netscape Directory Server 1.3.0 P5
  • Netscape Directory Server 3.1.0 P1
  • Netscape Directory Server 3.12.0
  • Netscape Directory Server 4.1.0
  • Netscape Directory Server 4.11.0
  • Netscape Directory Server 4.12.0
  • Netscape Directory Server 4.13.0
  • Netscape Directory Server 6.0.0
  • Netscape Directory Server 6.0.0 1
  • Netscape Directory Server 6.0.0 2
  • Netscape Directory Server 6.1.0
  • Netscape Directory Server 6.11.0
  • Netscape Directory Server 6.2.0
  • Netscape Directory Server 6.21.0
  • Sun Java System Directory Server 5.2
  • Sun ONE Directory Server 5.1.0
  • Sun ONE Directory Server 5.1.0 SP1
  • Sun ONE Directory Server 5.1.0 SP2
  • Sun ONE Directory Server 5.1.0 SP3
  • Sun ONE Directory Server 5.1.0 SP3 x86
  • Sun ONE Directory Server 5.1.0 x86
  • Sun Solaris 9
  • Sun Solaris 9_x86
