Title: Netscape Servers Suite Denial of Service Vulnerability
Severity: MODERATE
Description:
A bug in several components of the Netscape Servers suite of products allows and attacker to successfully conduct a denial of service attack against the vulnerable systems. The Netscape Certificate Management System has also several server components that share the problem.
The Netscape Directory Server 4.12 provides a Web to LDAP gateway, by means of the Directory Services Gateway (DSGW) web server.
No authentication credentails are required from the client to access DSGW. The same service is installed and used as part of the Certificate Management System (Netscape/iPlanet CMS 4.2) and in this case it listens on a tcp port chosen during the installation process (24326/tcp in this example).
A request with an URI as follows: http://server:24326/dsgw/bin/search?context=%
will trigger an exception at 0x00403c62 and cause the server to hang and stop servicing requests until the exception generated is dismissed.
The same problem is present in all the binaries in the Netscape\Server4\dsgw\bin directory (auth,csearch,dnedit,doauth, domodify,dosearch,edit,lang,newentry,search,unauth), except for the program 'tutor'.
The '%' can be replaced by any string with a non-alphanumeric character in it, except for '_' and '-'. The string length doesn't matter in this specific problem, as shown in the example above, a string of just one non-alphanumeric character is enough.
The problem lies in a function that uses a buffer that is allocated if the string after 'context=' is alphanumeric, but isn't if the string is non-alphanumeric.
Affected Products:
- Netscape Certificate Server 4.2.0
- Netscape Directory Server 4.12.0
References:
- CORE: CORE SDI Homepage
- Netscape: Netscape Security
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
