AppDetective™ Update 2.5.42 - 13 June 2002
NEW CHECKS
Lotus Domino/Lotus Web Server (Pen Test and Security Audit)
Title: LDAP buffer overflow (Verify version)
Description: Check the version of Domino to verify if the LDAP service is
vulnerable to a buffer overflow.
Summary: The LDAP protocol provides a directory service for managing
enterprise users. The implementation of LDAP for the Domino server contains
a number of buffer overflow vulnerabilities that could allow a remote user
to execute arbitrary shell commands.
Title: LDAP format string (Verify version)
Description: Check the version of Domino to verify if the LDAP service is
vulnerable to a format string vulnerability.
Summary: The LDAP protocol provides a directory service for managing
enterprise users. The implementation of LDAP for the Domino server contains
a number of format string vulnerabilities that could allow a remote user to
execute arbitrary shell commands.
Oracle (Pen Test and Security Audit)
Title: SERVICE_NAME buffer overflow (Version verify)
Description: Check the version of the database to verify if the database is
vulnerable to a buffer overflow caused by sending a connect string with a
SERVICE_NAME parameter of several thousand bytes.
Summary: A buffer overflow exists in the Oracle listener service that
allows an anonymous user to execute arbitrary commands by sending a long
SERVICE_NAME in the connection string.