LDAP vulnerabilities
Created 7/19/01
Impact
If an application uses a vulnerable implementation of LDAP, an attacker could cause a denial of service or execute arbitrary commands.
Background
A directory service is used to keep track of network entities such as files, applications, printers, and users. The Lightweight Directory Access Protocol (LDAP) is one protocol which can be used to access directory services. Many applications, such as mail servers, enterprise servers, and databases, use LDAP to provide directory access while conserving resources.
The Problem
Many implementations of the LDAP protocol do not properly handle requests which do not adhere to the expected format. Among the problems which may be present are buffer overflow conditions, format string vulnerabilities, and mishandling of requests which violate encoding rules. Exploitation of these problems could lead to denial of service or unauthorized access.
The following applications contain an implementation of LDAP which contains such vulnerabilities if unpatched:
- iPlanet Directory Server version 5.0 Beta and versions up to and including 4.13
- IBM SecureWay, certain versions running under Solaris and Windows 2000
- Lotus Domino R5 Servers (Enterprise, Application, and Mail), prior to 5.0.7a
- Teamware Office for Windows NT and Solaris, prior to version 5.3ed1
- Qualcomm Eudora WorldMail for Windows NT, version 2
- Microsoft Exchange 5.5 LDAP Service (Hotfix pending)
- Network Associates PGP Keyserver 7.0, prior to Hotfix 2
- Oracle Internet Directory, versions 2.1.1.x and 3.0.1
- OpenLDAP, 1.x prior to 1.2.12 and 2.x prior to 2.0.8
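The encoding-rule problems described above arise when a server trusts the BER framing of an incoming LDAPMessage (the outer SEQUENCE tag and its length octets) before checking that it is well formed. The following is an added example, not code from this page or from any of the products listed, of a strict envelope check a server or protocol-aware filter could run before handing a PDU to per-operation decoders. The size cap, the exception class and the sample PDUs are all assumptions constructed for the demonstration.

```python
"""
Strict BER framing check for an LDAPMessage (outer SEQUENCE + length).

Added example: validates only the outer envelope of an LDAP PDU and
rejects the length encodings a lenient parser might mishandle
(indefinite form, oversized length-of-length, non-minimal long form,
truncated or overstated lengths). The cap and the sample buffers are
constructed for this demo, not taken from any real implementation.
"""
from typing import Tuple

SEQUENCE_TAG = 0x30          # universal, constructed SEQUENCE
MAX_PDU_LEN = 1 << 20        # assumed per-deployment cap on PDU size (1 MiB)


class MalformedBer(ValueError):
    """Raised when the BER framing of a PDU violates the encoding rules."""


def decode_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a BER length at buf[pos]; return (length, position after it)."""
    if pos >= len(buf):
        raise MalformedBer("truncated: no length octet")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos                       # short form
    nbytes = first & 0x7F
    if nbytes == 0:
        raise MalformedBer("indefinite length form not allowed in LDAP")
    if nbytes > 4:
        raise MalformedBer(f"length-of-length {nbytes} too large")
    if pos + nbytes > len(buf):
        raise MalformedBer("truncated length octets")
    raw = buf[pos:pos + nbytes]
    length = int.from_bytes(raw, "big")
    # Minimal encoding: no leading zero octet, and long form only when needed.
    if raw[0] == 0 or (nbytes == 1 and length < 0x80):
        raise MalformedBer("non-minimal length encoding")
    return length, pos + nbytes


def check_ldap_envelope(buf: bytes) -> int:
    """Validate the outer LDAPMessage framing and return the total PDU size.

    Raises MalformedBer on any defect so the caller can drop the connection
    rather than pass the payload on to operation-specific parsers.
    """
    if not buf:
        raise MalformedBer("empty buffer")
    if buf[0] != SEQUENCE_TAG:
        raise MalformedBer(f"outer tag 0x{buf[0]:02x} is not SEQUENCE")
    length, body_start = decode_length(buf, 1)
    if length > MAX_PDU_LEN:
        raise MalformedBer(f"declared length {length} exceeds cap")
    total = body_start + length
    if total > len(buf):
        raise MalformedBer("declared length exceeds available data")
    if length < 3:
        # The messageID INTEGER alone needs tag + length + one content octet.
        raise MalformedBer("body too short to hold a messageID")
    return total


def classify(buf: bytes) -> str:
    """Return 'ok' or the rejection reason, suitable for a log line."""
    try:
        check_ldap_envelope(buf)
        return "ok"
    except MalformedBer as exc:
        return f"rejected: {exc}"


# Constructed sample PDUs (hex), labelled by what they exercise.
SAMPLES = {
    # well-formed UnbindRequest: SEQUENCE { messageID 1, [APPLICATION 2] NULL }
    "unbind_ok": bytes.fromhex("30050201014200"),
    # indefinite length (0x80), which LDAP's BER restrictions forbid
    "indefinite": bytes.fromhex("308002010142000000"),
    # declares ~4 GiB of content in a nine-byte message
    "huge_len": bytes.fromhex("3084ffffffff020101"),
    # long-form length where the short form suffices (non-minimal)
    "nonminimal": bytes.fromhex("308105020101420000"),
    # outer tag is OCTET STRING rather than SEQUENCE
    "bad_tag": bytes.fromhex("04050201014200"),
}

if __name__ == "__main__":
    for name, pdu in SAMPLES.items():
        print(f"{name:12s} {classify(pdu)}")
```

Running the block prints one verdict per sample; only the well-formed unbind passes. The check deliberately stops at the envelope: once the declared length is known to fit the buffer and the cap, the inner decoders can work on a bounded slice, which removes the class of length-driven overreads the advisory describes without having to trust any single product's parser.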
Resolution
See CERT Advisory 2001-18 for information on obtaining a patch for your application. If a patch is not available, then ports 389 and 636, TCP and UDP, should be blocked at the network perimeter until a patch can be applied.
Where can I read more about this?
For more information, see CERT Advisory 2001-18.