17 matches found

RedHat Linux
added 2006/05/17 5:5 p.m., 2 views

recursion causes OOM with bad DN in dn2ancestor

dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated usin...

CVSS 5, AI score 5.8, EPSS 0.00763
Exploits 0, References 4
RedHat Linux
added 2006/05/17 5:5 p.m., 2 views

security flaw

The LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite...

CVSS 7.8, AI score 5.8, EPSS 0.00834
Exploits 0, References 4
securityvulns
added 2006/03/13 12:0 a.m., 30 views

[Full-disclosure] Kerio MailServer bugfun

Hi, It should be noted that ProtoVer Sample IMAP testsuite has been released with 3 unpublished bugs. Now it looks like that Kerio MailServer preauth bug has been fixed. Kerio MailServer 6.1.3 changelog: """ Version 6.1.3 Patch 1 - March 9, 2006 - Fixed possible crash when handling special crafte...

AI score 1
Exploits 0
Prion
added 2006/02/19 9:2 p.m., 15 views

Code injection

Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite...

CVSS 5, AI score 7.2, EPSS 0.00911
Exploits 0, References 5, Affected Software 1
Cvelist
added 2006/02/19 9:0 p.m., 14 views

CVE-2006-0790

Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite...

AI score 6.6, EPSS 0.00911
Exploits 0, References 5
Prion
added 2006/02/15 11:6 a.m., 12 views

Double free

Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP...

CVSS 7.5, AI score 8.2, EPSS 0.17182
Exploits 1, References 5, Affected Software 1
NVD
added 2006/02/14 10:6 p.m., 11 views

CVE-2006-0453

The LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite...

CVSS 7.8, AI score 6.7, EPSS 0.00834
Exploits 0, References 4
NVD
added 2006/02/14 10:6 p.m., 13 views

CVE-2006-0451

Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrate...

CVSS 5, AI score 6.7, EPSS 0.00763
Exploits 0, References 4
exploitpack
added 2006/02/11 12:0 a.m., 13 views

IBM Tivoli Directory Server 6.0 - LDAP Memory Corruption

IBM Tivoli Directory Server 6.0 - LDAP Memory Corruption source: https://www.securityfocus.com/bid/16593/info IBM Tivoli Directory Server is prone to an unspecified memory corruption. This issue may be triggered by malformed LDAP data. The exact impact of this vulnerability is not known at this...

AI score 0.3
Exploits 0
NVD
added 2006/02/10 6:6 p.m., 9 views

CVE-2006-0645

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...

CVSS 7.5, AI score 7.2, EPSS 0.03721
Exploits 0, References 31
Prion
added 2006/02/10 6:6 p.m., 10 views

Design/Logic Flaw

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...

CVSS 7.5, AI score 7.4, EPSS 0.03721
Exploits 0, References 31, Affected Software 1
UbuntuCve
added 2006/02/10 6:6 p.m., 18 views

CVE-2006-0645

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...

CVSS 7.5, AI score 6.3, EPSS 0.03721
Exploits 0, References 2
securityvulns
added 2006/02/05 12:0 a.m., 34 views

[Full-disclosure] ProtoVer LDAP vs CommuniGate Pro 5.0.7

I. DESCRIPTION CommuniGate Pro Core Server from CommuniGate Systems provides robust cross-platform groupware applications, enabling a cost effective, easy to manage communications platform. For more info visit http://www.stalker.com II. DETAILS ProtoVer LDAP testsuite v1.5 uncovered critical Deni...

AI score 0.9
Exploits 0
Prion
added 2006/01/30 6:3 p.m., 9 views

Code injection

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite...

CVSS 7.5, AI score 8.1, EPSS 0.20438
Exploits 0, References 7, Affected Software 1
NVD
added 2006/01/30 6:3 p.m., 9 views

CVE-2006-0468

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite...

CVSS 7.5, AI score 7.8, EPSS 0.20438
Exploits 0, References 7
Cvelist
added 2006/01/30 6:0 p.m., 13 views

CVE-2006-0468

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite...

AI score 7.8, EPSS 0.20438
Exploits 0, References 7
securityvulns
added 2006/01/28 12:0 a.m., 30 views

Multiple vulnerabilities in CommuniGate Pro Server

I. DESCRIPTION CommuniGate Pro Core Server from CommuniGate Systems provides robust cross-platform groupware applications, enabling a cost effective, easy to manage communications platform. For more info visit http://www.stalker.com II. DETAILS During testing of CommuniGate Pro Server 5.0.6 using...

AI score 1.5
Exploits 0