VID | 12084 |
Severity | 40 |
Port | 389 |
Protocol | TCP |
Class | LDAP |
Detailed Description |
The CommuniGate Pro LDAP service contains buffer overflow vulnerabilities in versions prior to 5.0.7. CommuniGate Pro is a commercial email and groupware application. CommuniGate Pro Core Server version 5.0.6 and possibly earlier versions are affected by multiple buffer overflows, caused by errors in the LDAP component when it handles negative length values in Basic Encoding Rules (BER) length fields. A remote attacker could exploit these vulnerabilities to cause a denial of service or even execute arbitrary code on affected systems. These vulnerabilities were discovered with the ProtoVer LDAP test suite.
* References:
  * http://www.securityfocus.com/archive/1/423364
  * http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041863.html
  * http://mail.communigate.com/Lists/CGatePro/Message/82832.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0923.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0974.html
  * http://www.gleg.net/protover_ldap.shtml
  * http://secunia.com/advisories/18640/
* Platforms Affected: Stalker Software Inc., CommuniGate Pro version 5.0.6 and possibly earlier versions; Any operating system, Any version |
Recommendation |
Upgrade to the latest version of CommuniGate Pro Server (5.0.7 or later), available from the CommuniGate Pro Web page at http://www.stalker.com/CommuniGatePro/default.html |
Related URL | CVE-2006-0468 (CVE) |
Related URL | 16407 (SecurityFocus) |
Related URL | 24409 (ISS) |