Multiple Vendor LDAP Remote Buffer Overflow Vulnerability

Multiple Vendor LDAP Remote Buffer Overflow Vulnerability

Multiple Vendor implementations of the LDAP protocol are reported prone to a remote buffer overflow vulnerability.

This vulnerability arises because the application does not perform proper boundary checks before copying user-supplied data in to process buffers. As a result an attacker can supply a payload containing excessive string data to overflow static buffers leading to memory corruption.

This issue was originally written as a vulnerability in HP-UX Netscape Directory Server With LDAP, however, new information suggests that multiple vendors are affected by this vulnerability.

Hitachi has confirmed this issue in various versions of Hitachi Directory Server Version 2.

Red Hat has identified this issue in Netscape Directory Server 6.21 and earlier.

HP has confirmed this issue in various versions of HP-UX.