DESCRIPTION:
Evgeny Legerov has reported a vulnerability in Isode M-Vault Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

The vulnerability is caused by an error in the LDAP server's handling
of certain requests. A specially crafted request sent to port 389/tcp
can trigger a double free error, which crashes the service and may
allow arbitrary code execution.

The vulnerability has been reported in version 11.3. Other versions
may also be affected.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

TITLE:
Isode M-Vault Server LDAP Vulnerability

SECUNIA ADVISORY ID:
SA18818

VERIFY ADVISORY:
http://secunia.com/advisories/18818/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From local network

SOFTWARE:
Isode M-Vault 11.x
http://secunia.com/product/8065/

SOLUTION:
Restrict access to the LDAP service.

PROVIDED AND/OR DISCOVERED BY:
Evgeny Legerov, GLEG Ltd.

ORIGINAL ADVISORY:
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002925.html

PUBLISHED:
2006-02-16

SOURCE RECORD:
SECURITYVULNS:DOC:11467
https://vulners.com/securityvulns/SECURITYVULNS:DOC:11467