DoS in LDAP Service
July 20, 2001
The Microsoft Exchange 5.5 LDAP Service has been found to be vulnerable to
certain attacks that exploit the way LDAP requests are handled. The
PROTOS LDAPv3 Test Suite was used in the discovery of these
vulnerabilities. More information about the test suite can be found at
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3.
The vulnerabilities may allow a Denial of Service attack by a remote
user. The Microsoft Exchange 5.5 LDAP Service contains a vulnerability
that causes the LDAP service to stop responding when it receives a
malformed LDAP request such as those generated by the PROTOS test suite.
Only the LDAP component was affected; all other services, such as email,
continued normally.
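A defender-side health check for the symptom described above, added here as an example and not part of the original advisory: it sends a well-formed anonymous LDAPv3 bind and reports whether the listener answers within a timeout, which distinguishes a hung LDAP service from a closed port. The host name is a placeholder you supply; the BER encoding follows the LDAPv3 message format and is not taken from the advisory.

```python
import socket

def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def bind_request(message_id: int = 1) -> bytes:
    """Well-formed LDAPv3 anonymous simple BindRequest ([APPLICATION 0])."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b"")
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, bind))

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER element at pos; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data: bytes):
    """Return the resultCode of a BindResponse ([APPLICATION 1]) or None."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:  # not an LDAPMessage SEQUENCE
        return None
    _, _, pos = read_tlv(msg)  # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x61:
        return None
    rc_tag, rc, _ = read_tlv(op)
    return int.from_bytes(rc, "big") if rc_tag == 0x0A else None

def probe_ldap(host: str, port: int = 389, timeout: float = 5.0) -> str:
    """'responding', 'unresponsive' (TCP accepts, no LDAP answer) or 'closed'."""
    try:
        # host is a placeholder such as "exchange.example.internal" (assumed)
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(bind_request())
            data = s.recv(4096)
    except socket.timeout:
        return "unresponsive"
    except OSError:
        return "closed"
    return "responding" if data and parse_bind_response(data) is not None else "unresponsive"
```

Run probe_ldap() on a schedule against the Exchange server; a flip from "responding" to "unresponsive" while mail keeps flowing matches the failure mode the advisory describes.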
Affected systems include:
Microsoft Exchange 5.5
A temporary solution is to block inbound connections to the LDAP ports
listed below at the network perimeter. Note, however, that this will not
prevent internal attacks.
ldap 389/tcp # Lightweight Directory Access Protocol
ldap 389/udp # Lightweight Directory Access Protocol
ldaps 636/tcp # ldap protocol over TLS/SSL (was sldap)
ldaps 636/udp # ldap protocol over TLS/SSL (was sldap)
Microsoft is developing a hotfix for this issue which will be available
shortly.
Customers can obtain this hotfix by contacting Product Support Services at
no charge and asking for Q303448 and Q303450. Information on contacting
Microsoft Product Support Services can be found at
http://www.microsoft.com/support/
Detailed information as well as solutions can be found at CERT, which issued
this advisory:
http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D3444
Credit for this information goes to CERT as well as the Oulu University
Secure Programming Group for originally reporting these vulnerabilities.
http://www.cert.org