Lightweight Directory Access Protocol
The Cisco IOS Software network address translation (NAT) feature
contains multiple denial of service (DoS) vulnerabilities in the
translation of the following protocols:
* NetMeeting Directory (Lightweight Directory Access Protocol,
LDAP)
* Session Initiation Protocol (Multiple vulnerabilities)
* H.323 protocol
All the vulnerabilities described in this document are caused by
packets in transit on the affected devices when those packets require
Original release: 2011-02-08
Last update: 2011-02-08
Topic: KDC denial of service attacks
CVE-2011-0281: KDC vulnerable to hang when using LDAP back end
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C
CVSSv2 Base Score: 7.8
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01502023
Version: 2
HPSBMA02346 SSRT080097 rev.3 - HP OpenView Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-14
Last Updated: 2008-07-21
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01502023
Version: 2
HPSBMA02346 SSRT080097 rev.2 - HP Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-14
Last Updated: 2008-07-16
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01502023
Version: 1
HPSBMA02346 SSRT080097 rev.1 - HP Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-14
Last Updated: 2008-07-14
Cisco Unified Communications Manager 4.x
+---------------------------------------
Cisco Unified Communications Manager software version 4.x by default
stores user information using an internal Lightweight Directory
Access Protocol (LDAP) server called DC Directory. After an IP Phone
PAB Synchronizer client successfully authenticates, the Cisco Unified
Communications Manager returns credentials for the DC Directory user
that will be used by the client to synchronize a user's address book.
Depending on how a Cisco Unified Communications Manager is
configured, an attacker may obtain different privilege levels using
An integer overflow flaw was found in Pulse-Java when handling Pulse
audio source data lines. An attacker could use this flaw to cause an
applet to crash, leading to a denial of service (CVE-2009-0794).
A flaw in Java Runtime Environment initialized LDAP connections
allows authenticated remote users to cause denial of service on the
LDAP service (CVE-2009-1093).
A flaw in the Java Runtime Environment LDAP client in handling server
LDAP responses allows remote attackers to execute arbitrary code on
Jul 09, 2008
I. BACKGROUND
Novell eDirectory is a cross-platform directory server that implements the
Lightweight Directory Access Protocol (LDAP). The search request is used
to search a directory tree for objects that match a search filter. For
more information, see the vendor's site found at the following URL.
http://www.novell.com/products/edirectory/
I. BACKGROUND
Active Directory, created by Microsoft Corp., provides a number of
network services, one of which is a Light-weight Directory Access
Protocol (LDAP) compatible directory service.
II. DESCRIPTION
Remote exploitation of an invalid free vulnerability in Microsoft
Corp.'s Active Directory Server allows attackers to exhaust all virtual
ILS Inspection Denial of Service Vulnerability
+---------------------------------------------
The ILS inspection engine provides Network Address Translation (NAT)
support for Microsoft NetMeeting, SiteServer, and Active Directory
products that use Lightweight Directory Access Protocol (LDAP) to
exchange directory information with an ILS server.
The Cisco FWSM is affected by a vulnerability when ILS inspection is
enabled that may cause the device to reload during the processing of
a malformed ILS message. This vulnerability is triggered by transit
Jul 15, 2008
I. BACKGROUND
Internet Directory is Oracle's implementation of the Lightweight
Directory Access Protocol (LDAP) v3 service. It is used in conjunction
with Oracle Identity Management to implement user administration in the
Oracle environment. More information can be found at the following URL.
http://www.oracle.com/technology/products/oid/index.html
Hi
The LDAP garbage dump that remains on web server results in information
disclosure. Security of LDAP may be compromised, if for instance a search
engine crawls through untamed directories on the web server and finds
information through the ldap.xml file. This type of harvesting attack is
also termed “static information leveraging attack.” This article provides
methods for dealing with
This vulnerability cannot be used to change the password for the
following types of user accounts:
* User accounts that are defined on external identity stores such
as a Lightweight Directory Access Protocol (LDAP) server, a
Microsoft Active Directory server, an RSA SecurID server, or an
external RADIUS server
* System administrator accounts for the Cisco Secure ACS server
itself that have been configured through the web-based interface
* User accounts for the Cisco Secure ACS server itself that have
I. SUMMARY:
SECURIFY has discovered a denial-of-service vulnerability in Microsoft
Active Directory (AD) in which a domain user sending a specially-crafted
LDAP request causes the Active Directory server to initiate a controlled
restart. Specific products and versions affected and the hotfixes for
them are detailed in Microsoft Security Bulletin MS08-035 (953235).
This vulnerability has been assigned CVE-2008-1445.
II. SYMPTOMS:
Debian Security Advisory DSA-1758-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 30, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : nss-ldapd
Vulnerability : insecure config file creation
Problem-Type : local
Debian-specific: yes
CVE ID : CVE-2009-1073
Debian Bug : 520476
http://www.security-database.com/toolswatch/AS-400-Auditing-Framework-Beta.html
5) Comments of note:
> ... some default services on AS/400 allow
> anonymous access including POP3, SMTP, LDAP, FTP, etc. But what
> fails audit almost every time are default passwords.
> ... security of these beasts had not been in forefront for
> most companies. Some of them run their e-commerce solutions on AS/400
> facing the Internet
denial of service condition (CVE-2009-0581), heap-based buffer
overflows, potentially allowing arbitrary code execution
(CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference,
leading to denial of service (CVE-2009-0793).
The LDAP server implementation (in com.sun.jdni.ldap) did not properly
close sockets if an error was encountered, leading to a
denial-of-service condition (CVE-2009-1093).
The LDAP client implementation (in com.sun.jdni.ldap) allowed
malicious LDAP servers to execute arbitrary code on the client
Because of a Microsoft Windows NT Domain authentication issue the Cisco
ASA and Cisco PIX devices may be susceptible to a VPN authentication
bypass vulnerability. Cisco ASA or Cisco PIX security appliances that
are configured for IPSec or SSL-based remote access VPN using Microsoft
Windows NT Domain authentication may be vulnerable. Devices that are
using any other type of external authentication (that is, LDAP, RADIUS,
TACACS+, SDI, or local database) are not affected by this vulnerability.
The following example demonstrates how Windows NT domain authentication
is configured using the command line interface (CLI) on the Cisco ASA:
1.4.3 allows remote attackers to cause a denial of service (application
crash) via a pcap-ng file that contains a large packet-length field
(CVE-2011-1139).
Multiple stack consumption vulnerabilities in the
dissect_ms_compressed_string and dissect_mscldap_string functions in
Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow
remote attackers to cause a denial of service (infinite recursion)
via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet
(CVE-2011-1140).
ZDI-09-075: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-075
November 2, 2009
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
1 net-mail/dbmail < 2.2.9 >= 2.2.9
Description
===========
A vulnerability in DBMail's authldap module when used in conjunction
with an Active Directory server has been reported by vugluskr. When
passing a zero length password to the module, it tries to bind
anonymously to the LDAP server. If the LDAP server allows anonymous
binds, this bind succeeds and results in a successful authentication to
DBMail.
Debian Security Advisory DSA-1650-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 12, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openldap2.3
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2952
Debian Bug : 488710
Mandriva Linux Security Advisory MDKSA-2007:215
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openldap
Date : November 8, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA-1541-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 08, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openldap2.3
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-5707 CVE-2007-5708 CVE-2007-6698 CVE-2008-0658
Debian Bug : 440632 448644 465875
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM Tivoli Directory Server. Authentication
is not required to exploit this vulnerability.
The specific flaw exists in how ibmslapd.exe handles LDAP CRAM-MD5
packets. ibmslapd.exe listens by default on port TCP 389. When the
process receives an LDAP CRAM-MD5 packet, it uses libibmldap.dll to
handle the allocation of a buffer for the packet data. A specially
crafted packet can cause the ber_get_int function to allocate a buffer
that is too small to fit the packet data, causing a subsequent
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02552030
Version: 1
HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Unauthenticated Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-10-26
Last Updated: 2010-10-26
Description
===========
The PhpWiki development team reported an authentication error within
the file lib/WikiUser/LDAP.php when binding to an LDAP server with an
empty password.
Impact
======
high-definition live and on-demand video, motion graphics, web pages,
and dynamic content on digital displays.
A vulnerability exists in all Cisco DMM versions earlier than 5.2 that
could allow authenticated but unauthorized users to view Cisco Digital
Media Player user credentials and LDAP credentials (if configured) in
error log messages and stack traces.
This vulnerability is documented in Cisco Bug ID CSCtc46050 and has
been assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2010-0572.
-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Sun Microsystems Directory Service Manager.
Authentication is not required to exploit this vulnerability.
The specific flaw exists within Sun Directory Server's LDAP
implementation and can be triggered via a malformed LDAP query to the
service. When the service decodes the malformed query, the application
will cause a buffer overflow which can lead to code execution under the
context of the service.