LDAP Buffer Overflow
July 20, 2001
The Lotus Domino R5 Server Family has been found vulnerable to attacks that
exploit the way it processes LDAP requests. The PROTOS LDAPv3 Test Suite was
used to discover these vulnerabilities. More information about the Test
Suite can be found at
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3.
The vulnerabilities may allow unauthorized privileged access. According to
the test results, the application components are likely to contain buffer
overflow and format string vulnerabilities. One or more of these
vulnerabilities may allow a remote attacker to execute arbitrary code on the
server using Domino server privileges. The server usually runs with system
privileges.
Affected systems include:
Lotus Domino R5 Server Family
A temporary workaround is to block inbound connections to the LDAP ports
listed below at the network perimeter. Note that this does not prevent
attacks that originate inside the network.
ldap 389/tcp # Lightweight Directory Access Protocol
ldap 389/udp # Lightweight Directory Access Protocol
ldaps 636/tcp # ldap protocol over TLS/SSL (was sldap)
ldaps 636/udp # ldap protocol over TLS/SSL (was sldap)
Lotus reproduced the problem as reported by OUSPG and documented it in
SPR#DWUU4W6NC8. Lotus considers security issues a top priority and acted
quickly to resolve the problem in a maintenance update to Domino. It was
addressed in Domino R5.0.7a, which was released on May 18th, 2001. This
release can be downloaded from Notes.net at
http://www.notes.net/qmrdown.nsf/qmrwelcome.
The fix is documented in the fix list at
http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
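The following is an added example, not part of the original advisory or any
Lotus tooling: it triages a server inventory against the fixed release named
above (R5.0.7a). The release-string formats, hostnames and inventory are
constructed assumptions; adjust the parser to however your servers report
their release.

```python
import re

# R5.0.7a is the maintenance update this advisory names as carrying the fix.
FIXED = (5, 0, 7, "a")

# Assumed input forms: "R5.0.7a", "5.0.7", "Release 5.0.6a". A trailing letter
# marks a maintenance update of the numbered release and sorts after it.
_RELEASE = re.compile(r"^(?:Release\s+|R)?(\d+)\.(\d+)(?:\.(\d+))?([a-z]?)$", re.I)


def parse_release(text):
    """Turn a release string into a comparable (major, minor, patch, letter)."""
    m = _RELEASE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized release string: {text!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch or 0), letter.lower())


def triage(release):
    """Classify one server release against the advisory."""
    try:
        version = parse_release(release)
    except ValueError:
        return "unknown"        # verify by hand; never assume it is patched
    if version[0] != 5:
        return "out-of-scope"   # the advisory names only the R5 family
    return "has-fix" if version >= FIXED else "needs-update"


def servers_needing_update(inventory):
    """Hosts that lack the fix or whose release could not be determined."""
    return sorted(host for host, rel in inventory.items()
                  if triage(rel) in ("needs-update", "unknown"))


# Constructed inventory: hostnames and releases are sample data.
INVENTORY = {
    "mail01": "R5.0.7a",
    "mail02": "5.0.7",
    "dir01": "Release 5.0.6a",
    "app01": "5.0.8",
    "old01": "4.6.7",
    "lab01": "build unknown",
}

if __name__ == "__main__":
    for host in servers_needing_update(INVENTORY):
        print(host, INVENTORY[host], triage(INVENTORY[host]))
```

Hosts reported here are the ones to keep behind the perimeter block on the
LDAP ports until they are updated.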
Detailed information as well as solutions can be found at CERT, which issued
this advisory:
http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D3444
Credit for this information goes to CERT as well as the Oulu University
Secure Programming Group for originally reporting these vulnerabilities.
http://www.cert.org