LDAP vulnerabilities
Updated 3/18/03
Impact
If an application uses a vulnerable implementation of LDAP,
an attacker could cause a denial of service or execute
arbitrary commands.
Background
A directory service is used to keep track of network entities such as files,
applications, printers, and users. The Lightweight Directory Access Protocol
(LDAP) is one protocol that can be used to access directory services.
Many applications, such as mail servers, enterprise servers,
and databases, use LDAP to provide directory
access while conserving resources.
The Problem
7/19/01
Many implementations of the LDAP protocol
do not properly handle requests which do not adhere to
the expected format. Among the problems which may be
present are buffer overflow conditions, format string
vulnerabilities, and mishandling of requests which violate
encoding rules. Exploitation of these problems could
lead to denial of service or unauthorized access.
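The kind of check whose absence produces these problems, shown as an added example (not code from any of the listed products or from the advisory): the outer BER header of an LDAPMessage is validated before any length it declares is trusted. The function name, status codes, and the 64 KB size cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for this added example; the size cap is an assumed policy. */
enum ber_status { BER_OK, BER_TRUNCATED, BER_BAD_TAG, BER_BAD_LENGTH, BER_TOO_LARGE };
#define MAX_LDAP_MESSAGE 65536u

/* Validate the outer SEQUENCE header of an LDAPMessage before anything is
 * copied or allocated. On BER_OK, *body_len is guaranteed to fit in buf. */
enum ber_status ldap_check_envelope(const uint8_t *buf, size_t avail,
                                    size_t *hdr_len, size_t *body_len)
{
    if (avail < 2)
        return BER_TRUNCATED;
    if (buf[0] != 0x30)                 /* universal, constructed SEQUENCE */
        return BER_BAD_TAG;

    size_t pos = 2, len = 0;
    uint8_t first = buf[1];
    if (first < 0x80) {
        len = first;                    /* short form: length in one octet */
    } else {
        size_t n = first & 0x7f;        /* long form: n length octets follow */
        if (n == 0 || n > 4)            /* indefinite, reserved, or oversized */
            return BER_BAD_LENGTH;
        if (avail - pos < n)
            return BER_TRUNCATED;
        while (n--)
            len = (len << 8) | buf[pos++];
    }
    if (len > MAX_LDAP_MESSAGE)         /* check the cap before trusting len */
        return BER_TOO_LARGE;
    if (len > avail - pos)              /* declared body exceeds received data */
        return BER_TRUNCATED;
    *hdr_len = pos;
    *body_len = len;
    return BER_OK;
}

int main(void)
{
    /* Constructed sample: anonymous simple bind request, messageID 1. */
    const uint8_t bind[] = { 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07,
                             0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 };
    size_t hdr = 0, body = 0;
    return ldap_check_envelope(bind, sizeof bind, &hdr, &body) == BER_OK ? 0 : 1;
}
```

The same bounds discipline has to be repeated for every nested element inside the message; this block covers only the envelope.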
The following applications contain an LDAP implementation
that has such vulnerabilities if unpatched:
- iPlanet Directory Server version 5.0 Beta and versions up to and including 4.13 (CAN 2001-1306 CAN 2001-1307 CAN 2001-1308)
- IBM SecureWay, certain versions running under Solaris and Windows 2000 (CAN 2001-1309 CAN 2001-1310)
- Lotus Domino Servers (Enterprise, Application, and Mail), R5 prior to 5.0.7a and (3/18/03) R6 prior to 6.0 Gold (CAN 2001-1311 CAN 2001-1312 CAN 2001-1313)
- Critical Path LiveContent Directory, version 8A.3 (CAN 2001-1314 CAN 2001-1315)
- Critical Path InJoin Directory Server, versions 3.0, 3.1, and 4.0 (CAN 2001-1314 CAN 2001-1315)
- Teamware Office for Windows NT and Solaris, prior to version 5.3ed1 (CAN 2001-1316 CAN 2001-1317)
- Qualcomm Eudora WorldMail for Windows NT, version 2 (CAN 2001-1318)
- Microsoft Exchange 5.5 LDAP Service (Hotfix pending) (CAN 2001-1319)
- Network Associates PGP Keyserver 7.0, prior to Hotfix 2 (CAN 2001-1320)
- Oracle Internet Directory, versions 2.1.1.x and 3.0.1 (CAN 2001-0974 CAN 2001-0975 CAN 2001-1321)
- OpenLDAP
Resolution
See CERT Advisory 2001-18 for information on obtaining a patch for your application.
OpenLDAP 2.x users may also need to fix a separate set of
vulnerabilities which were reported in SuSE Security Announcement 2002:047.
Consult your vendor for a fix.
If a patch is not available, then ports 389 and 636, TCP and UDP,
should be blocked at the network perimeter until a patch can
be applied.
Where can I read more about this?
For more information, see CERT Advisory 2001-18 and
SuSE Security Announcement 2002:047.