[NEWS] Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 17 Jul 2008 20:04:15 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability
------------------------------------------------------------------------
SUMMARY
Internet Directory is "Oracle's implementation of the Lightweight
Directory Access Protocol (LDAP) v3 service. It is used in conjunction
with Oracle Identity Management to implement user administration in the
Oracle environment". Remote exploitation of a pre-authentication input
validation vulnerability in Oracle Corp.'s Oracle Internet Directory
allows an attacker to conduct a denial of service attack on a vulnerable
host.
DETAILS
Vulnerable Systems:
* Oracle Internet Directory for Windows version 10.1.4.0.1 with the April
2007 CPU installed
Internet Directory consists of two processes. One process acts as a
listener. It handles incoming connections and passes them off to the
second process. The second process, which handles requests, contains the
vulnerability.
When processing a malformed LDAP request, it is possible to cause the
handler to dereference a NULL pointer. This results in the process
crashing. Future connection requests will be accepted by the listener
process, and then immediately closed when it finds that there is no
handler process running.
Analysis:
Exploitation of this vulnerability allows an attacker to deny service to
legitimate users of the directory server. In order to exploit this issue,
an attacker must be able to establish an LDAP session with the vulnerable
server. This is typically done via TCP port 389 or the SSL-enabled TCP
port 636. No authentication is needed. In order to restore functionality,
the listener process must be stopped and restarted.
Vendor response:
Oracle Corp. has addressed this vulnerability with the release of their
July 2008 Critical Patch Update. For more information, visit the following
URL:
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html> http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2595>
CVE-2008-2595
Disclosure timeline:
05/11/2007 - Initial vendor notification
05/11/2007 - Initial vendor response
07/15/2008 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@xxxxxxxxxxxx> iDefense Labs Security Advisories.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=725>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=725
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [EXPL] Simple DNS Plus Denial of Service
- Next by Date: [NEWS] Novell eDirectory dhost Integer Overflow Code Execution Vulnerability
- Previous by thread: [EXPL] Simple DNS Plus Denial of Service
- Next by thread: [NEWS] Novell eDirectory dhost Integer Overflow Code Execution Vulnerability
- Index(es):
Relevant Pages
|
