Buffer Overflows in OID
July 20, 2001
Oracle's Internet Directory has been discovered to be vulnerable to certain
attacks exploiting the way LDAP requests are processed. The PROTOS LDAPv3
Test Suite was used in the discovery of these vulnerabilities.
More information about the Test Suite can be found at
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ .
The vulnerabilities may allow Denial of Service attacks as well as
unauthorized privileged access. According to test results, buffer overflow
and format string vulnerabilities are likely to be present in the
application components. One or more of these vulnerabilities may allow a
remote attacker to execute arbitrary code on the server using server
privileges. The server usually runs with system privileges.
Affected systems include:
Oracle 8i Enterprise Edition 8.1.7, 8.1.6, 8.1.5, 8.0.6, 8.0.5
A temporary solution is to block inbound connections to the LDAP ports
listed below at the network perimeter. However, this will not prevent
internal attacks.
ldap 389/tcp # Lightweight Directory Access Protocol
ldap 389/udp # Lightweight Directory Access Protocol
ldaps 636/tcp # ldap protocol over TLS/SSL (was sldap)
ldaps 636/udp # ldap protocol over TLS/SSL (was sldap)
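One way to confirm the perimeter block from a host outside the perimeter, as
an added example that is not part of the original advisory: the script parses
the four service entries above and classifies each TCP port as open, closed or
filtered. The function names, the 3-second timeout and the default host are
assumptions.

```python
import socket

# The four service entries listed in the advisory (services-file format).
SERVICES = """\
ldap 389/tcp # Lightweight Directory Access Protocol
ldap 389/udp # Lightweight Directory Access Protocol
ldaps 636/tcp # ldap protocol over TLS/SSL (was sldap)
ldaps 636/udp # ldap protocol over TLS/SSL (was sldap)
"""

def parse_services(text):
    """Return (name, port, proto) tuples from services-style lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank line, comment-only line or malformed entry
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            entries.append((fields[0], int(port), proto.lower()))
    return entries

def tcp_state(host, port, timeout=3.0):
    """Classify one TCP port: 'open', 'closed' (refused) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"  # handshake completed: the block is not in effect
    except ConnectionRefusedError:
        return "closed"  # a reset came back: the probe was answered, not dropped
    except OSError:  # timeouts and unreachable errors
        return "filtered"  # no usable answer: dropped somewhere on the path

def audit(host, text=SERVICES, timeout=3.0):
    """Map each TCP entry to its state; UDP entries are reported as unchecked."""
    report = {}
    for name, port, proto in parse_services(text):
        key = f"{name} {port}/{proto}"
        # UDP silence is ambiguous without a protocol-level probe, so skip it.
        report[key] = tcp_state(host, port, timeout) if proto == "tcp" else "unchecked"
    return report

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed default
    for entry, state in audit(host).items():
        print(f"{entry:16} {state}")
```

With the perimeter block in place, both TCP entries should report "filtered"
when the script is run from outside; "open" means the directory is still
reachable.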
See the Oracle website for updated vendor patch information. The link is
http://otn.oracle.com/deploy/security/alerts.htm .
As of this writing, we have been unable to locate a patch for this
vulnerability.
Detailed information as well as solutions can be found at CERT, which issued
this advisory and vulnerability note:
http://www.cert.org/advisories/CA-2001-18.html
http://www.kb.cert.org/vuls/id/869184
Credit for this information goes to CERT as well as the Oulu University
Secure Programming Group for originally reporting these vulnerabilities.
http://www.cert.org