CommuniGate Pro Server LDAP DN Overflow

2006-02-04T13:39:49
ID OSVDB:22932
Type osvdb
Reporter Evgeny Demidov(demidov@gleg.net)
Modified 2006-02-04T13:39:49

Description

Vulnerability Description

A remote overflow exists in CommuniGate Pro Core Server. The product fails to handle numerous DNs correctly resulting in an integer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Solution Description

Upgrade to version 5.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in CommuniGate Pro Core Server. The product fails to handle numerous DNs correctly resulting in an integer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Manual Testing Notes

Changelog: 5.0.8 03-Feb-06 * Directory: DN processing changed to avoid problems with DNs containing too many (>100) elements.

References:

Vendor Specific News/Changelog Entry: http://www.stalker.com/CommuniGatePro/History.html Security Tracker: 1015587 Secunia Advisory ID:18701 Other Advisory URL: http://www.gleg.net/advisory_cg2.shtml Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0050.html Mail List Post: http://archives.neohapsis.com/archives/dailydave/2006-q1/0110.html ISS X-Force ID: 24409 CVE-2006-0566