Published:2005/01/11 Last Updated:2008/05/21
JVN#1BF8D7AA
LDAP server update function vulnerable to buffer overflow
Overview
Some LDAP servers contain a buffer overflow vulnerability in the update processing.
Products Affected
- Some LDAP server products (For more information, refer to the vendor's website.)
Description
Impact
A remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user running the LDAP server.
Solution
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Hitachi | Vulnerable | 2005/01/11 | |
| FUJITSU LIMITED | Not Vulnerable | 2005/10/04 | |
| NEC Corporation | Not Vulnerable | 2005/01/12 | |
| Quality Corporation | Not Vulnerable | 2005/01/11 | |
| Trend Micro Incorporated | Not Vulnerable | 2005/01/21 | |
| Cybozu, Inc. | Not Vulnerable | 2005/01/11 |
References
- ISS X-Force Database:nds-ldap-bo (18676)
Netscape Directory Server LDAP buffer overflow - US-CERT Vulnerability Note VU#258905
Multiple implementations of LDAP Directory Server vulnerable to buffer overflow - CIAC Bulletin P-083
Netscape Directory Server on HP-UX LDAP Vulnerability - CIAC Bulletin P-183
The Sun ONE and JES Directory Server Contain a Buffer Overflow involving LDAP
JPCERT/CC Addendum
Credit
HIRT (Hitachi Incident Response Team) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2004-1236 VU#258905 |
| JVN iPedia |
JVNDB-2004-000593 |