SECURITYVULNS:DOC:1363
Mar 11, 2001

@stake Advisory Notification: Netscape Directory Server buffer overflow (A030701-1)

vulners.com
EPSS 0.003 (Low), percentile 69.8%

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                          @stake, Inc.
                        www.atstake.com

                Security Advisory Notification

Advisory Name: Netscape Directory Server buffer overflow
Release Date: 03/07/2001
Application: Netscape Directory Server 4.1 (bundled with Netscape Messaging Server)
             Netscape Directory Server 4.12 (may be DoS only)
Platform: Windows NT (possibly others)
Severity: An attacker can cause the Directory Server to crash, or may be able
          to execute arbitrary code on the server.
Author: Frank Swiderski ([email protected])
Vendor Status: Vendor has issued patches
CVE: CAN-2001-0164
Reference: www.atstake.com/research/advisories/2001/a030701-1.txt

Overview:

The Netscape Directory Server that comes with Netscape Messaging
Server 4.15SP3 is vulnerable to a buffer overflow condition if a specially
crafted query is received. The Directory Server is used to store various
user information for Messenger. The overflow can result in either a
denial of service or arbitrary code execution on the server. Netscape
Directory Server 4.12 is also subject to the same overflow, however, code
execution may or may not be possible due to the location the resultant
string is copied to.

Note that Netscape Messaging Server asks for a directory server to use
during installation; by default it installs and uses its own copy of
Directory Server 4.1. The Messaging Server also enables services which use
the Directory Server, such as SMTPD, by default. Both the Messaging Server
and the Directory Server are available for many flavors of Unix as well as
for Windows NT, and are commonly used for managing corporate email.

For more information on LDAP and its protocols, ldapman.org has an
excellent collection of LDAP RFC links at
http://ldapman.org/ldap_rfcs.html. For SMTP, see RFC-821 and RFC-822.

Vendor Response:

iPlanet Directory Server (iDS) Support greatly appreciates these issues
being brought to our attention. We are reporting that these issues do
occur in the following iPlanet products:

 NMS 4.15 (contains the bundled Directory Server 4.11)
 iPlanet Messaging Server 5.0 (contains the bundled Directory Server
 4.12)
 Directory Server 4.11 and 4.12 products.

For all products, an immediate upgrade to Directory Server 4.13 is
available through the iPlanet Support Channel. In addition, we recommend
NMS 4.15 customers upgrade to Patch 4.

Exposure Specifics:

The exposure to existing customers is isolated to the Directory Server
4.11 and 4.12 products. As reported, the overflow can result in either a
denial of service or arbitrary code execution on the server. Netscape
Directory Server 4.12 is also subject to the same denial of service
overflow, however, code execution is not possible.

The Netscape Mail Server 4.15p3 issue of a buffer overflow in the SMTP
session has been resolved in a fix in the NMS 4.15p4 release. This fix
limits the line size of any given command in SMTP command mode. Should
you send a very long (> 16KB) line to the MTA in command mode, you will
get a disconnect with a reply of 550 + text.

We also identified that the iPlanet Messaging Server 5.0 release bundles
Directory Server 4.12, and it also requires the upgrade to Directory
Server 4.13. We are pleased to find that Messaging Server 5.0 does not
contain the same SMTP session overflow issue.
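The vendor response describes the SMTP-side fix as a per-line length limit: a command line longer than 16 KB gets a 550 reply and the connection is dropped. The C below is an added example, not code from @stake, Netscape or iPlanet. It shows a bounded line reader with that behaviour, with the length check done before any byte is copied, plus a small client-side classifier for interpreting what a server does when a probe sends an over-long line. The 16384-byte limit, the reply wording, the placeholder 250 reply, the constructed session and all function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed from the vendor response: command lines over 16 KB are refused. */
#define SMTP_MAX_LINE 16384
/* Hypothetical wording; the advisory only says "550 + text". */
#define SMTP_REPLY_TOO_LONG "550 Line too long, closing connection"

enum smtp_line_status { SMTP_LINE_OK, SMTP_LINE_TOO_LONG, SMTP_LINE_INCOMPLETE };

/* Bounded reader for one SMTP command line.
 *   in/in_len : bytes received so far (stands in for the socket buffer)
 *   *pos      : read cursor, advanced past each consumed line
 *   out       : NUL-terminated line without CRLF, at most out_cap-1 bytes
 * The length is checked before anything is copied, so no input can run past
 * 'out'. The unsafe pattern this replaces scans to the newline first and then
 * copies the whole line into a fixed-size buffer. */
enum smtp_line_status smtp_read_line(const unsigned char *in, size_t in_len,
                                     size_t *pos, char *out, size_t out_cap)
{
    size_t start = *pos, i;
    out[0] = '\0';
    for (i = start; i < in_len; i++) {
        if (in[i] == '\n') {
            size_t n = i - start;
            if (n > 0 && in[i - 1] == '\r')
                n--;                          /* strip the CR of CRLF */
            *pos = i + 1;
            if (n > SMTP_MAX_LINE || n >= out_cap)
                return SMTP_LINE_TOO_LONG;
            memcpy(out, in + start, n);
            out[n] = '\0';
            return SMTP_LINE_OK;
        }
        if (i - start > SMTP_MAX_LINE) {      /* over the limit, still no LF */
            *pos = in_len;                    /* drop the rest; caller closes */
            return SMTP_LINE_TOO_LONG;
        }
    }
    return SMTP_LINE_INCOMPLETE;              /* need more bytes */
}

/* Server side: pick the reply for one read result. Returns 1 when the
 * connection must be closed afterwards, which is what the fix does. */
int smtp_reply_for(enum smtp_line_status st, char *reply, size_t reply_cap)
{
    switch (st) {
    case SMTP_LINE_TOO_LONG:
        snprintf(reply, reply_cap, "%s", SMTP_REPLY_TOO_LONG);
        return 1;
    case SMTP_LINE_INCOMPLETE:
        reply[0] = '\0';
        return 0;
    default:                /* real command dispatch goes here; 250 stands in */
        snprintf(reply, reply_cap, "250 OK");
        return 0;
    }
}

/* Client side: classify what a real server did after a >16 KB line.
 * reply is the first reply line read back ("" if none), closed is 1 if the
 * server then dropped the connection. "unreplied-close" is what a crashed
 * process looks like from the outside; confirm on the host before concluding. */
const char *smtp_probe_verdict(const char *reply, int closed)
{
    if (strncmp(reply, "550", 3) == 0 && closed) return "fixed";
    if (reply[0] == '\0' && closed)               return "unreplied-close";
    return "other";
}

/* Run one constructed session through the reader: HELO, then MAIL FROM with
 * an address of mail_from_len bytes. Returns 1 if the server closed. */
int smtp_run_session(size_t mail_from_len, int verbose)
{
    const char *helo = "HELO probe.example\r\n";
    size_t in_len = 0, pos = 0;
    unsigned char *in = malloc(strlen(helo) + 16 + mail_from_len);
    char line[SMTP_MAX_LINE + 1], reply[64];
    int closed = 0;

    if (!in) return -1;
    memcpy(in, helo, strlen(helo));             in_len = strlen(helo);
    memcpy(in + in_len, "MAIL FROM:<", 11);     in_len += 11;
    memset(in + in_len, 'A', mail_from_len);    in_len += mail_from_len;
    memcpy(in + in_len, ">\r\n", 3);            in_len += 3;

    for (;;) {
        enum smtp_line_status st = smtp_read_line(in, in_len, &pos, line, sizeof line);
        if (st == SMTP_LINE_INCOMPLETE) break;
        closed = smtp_reply_for(st, reply, sizeof reply);
        if (verbose)
            printf("C: %s\nS: %s\n", st == SMTP_LINE_OK ? line : "<line over limit>", reply);
        if (closed) break;
    }
    free(in);
    return closed;
}

int main(void)
{
    int closed = smtp_run_session(17000, 1);
    printf("probe verdict: %s\n",
           smtp_probe_verdict(closed ? SMTP_REPLY_TOO_LONG : "250 OK", closed));
    return 0;
}
```

The limit here is deliberately the 16 KB figure from the vendor response so the example matches the described behaviour; RFC 821 caps an SMTP command line at 512 characters including CRLF, so a conformant server may reject far shorter lines. When probing a real host, an unreplied close is only a hint of a crash: verify the process state on the server rather than inferring it from the socket.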

Advisory Reference:

http://www.atstake.com/research/advisories/2001/a030701-1.txt

** The advisory contains additional information. We encourage those
** affected by this issue to read the advisory.
**
** All vulnerability database maintainers should reference the above
** advisory reference URL to refer to this advisory.

Advisory policy: http://www.atstake.com/research/policy/
For more advisories: http://www.atstake.com/research/advisories/
PGP Key: http://www.atstake.com/research/pgp_key.asc

Copyright 2001 @stake, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOqa0uFESXwDtLdMhEQLL6ACgraEz3uEN9kfKtK47OU/Gce5addEAnRVu
3a8pAfxEg9EPKlObbe36eDbo
=sQwP
-----END PGP SIGNATURE-----

