VID | 12083
Severity | 30
Port | 389
Protocol | TCP
Class | LDAP
Detailed Description |
The LDAP service in CommuniGate Pro version 5.0.7 is vulnerable to a denial of service. CommuniGate Pro is a commercial email and groupware application. CommuniGate Pro Core Server version 5.0.7 and possibly other versions are vulnerable to a denial of service attack caused by an error in the LDAP (Lightweight Directory Access Protocol) implementation. By sending malformed requests containing specially crafted DN (Distinguished Name) fields, a remote attacker could crash an affected LDAP service.
* References:
  http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041941.html
  http://www.securityfocus.com/archive/1/archive/1/423968/100/0/threaded
  http://www.gleg.net/advisory_cg2.shtml
  http://www.stalker.com/CommuniGatePro/History.html
  http://www.frsirt.com/english/advisories/2006/0444
  http://securitytracker.com/id?1015587
  http://secunia.com/advisories/18701
* Platforms Affected: Stalker Software Inc., CommuniGate Pro version 5.0.7 and possibly other versions; any operating system, any version |
Recommendation |
Upgrade to the latest version of CommuniGate Pro Server (5.0.8 or later), available from the CommuniGate Pro Web page at http://www.stalker.com/CommuniGatePro/default.html |
Related URL | CVE-2006-0566 (CVE)
Related URL | 16501 (SecurityFocus)
Related URL | (ISS)