Published: 2005/01/11  Last Updated: 2008/05/21

JVN#1BF8D7AA
LDAP server update function vulnerable to buffer overflow

Overview

Some LDAP servers contain a buffer overflow vulnerability in the update processing.

Products Affected

  • Some LDAP server products (For more information, refer to the vendor's website.)

Description

Impact

A remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user running the LDAP server.

Solution

Vendor Status

| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Hitachi | Vulnerable | 2005/01/11 | |
| FUJITSU LIMITED | Not Vulnerable | 2005/10/04 | |
| NEC Corporation | Not Vulnerable | 2005/01/12 | |
| Quality Corporation | Not Vulnerable | 2005/01/11 | |
| Trend Micro Incorporated | Not Vulnerable | 2005/01/21 | |
| Cybozu, Inc. | Not Vulnerable | 2005/01/11 | |

References

  1. ISS X-Force Database: nds-ldap-bo (18676)
    Netscape Directory Server LDAP buffer overflow
  2. US-CERT Vulnerability Note VU#258905
    Multiple implementations of LDAP Directory Server vulnerable to buffer overflow
  3. CIAC Bulletin P-083
    Netscape Directory Server on HP-UX LDAP Vulnerability
  4. CIAC Bulletin P-183
    The Sun ONE and JES Directory Server Contain a Buffer Overflow involving LDAP

JPCERT/CC Addendum

Credit

HIRT (Hitachi Incident Response Team) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2004-1236 VU#258905
JVN iPedia JVNDB-2004-000593

Update History