OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Ogle Ron (Rennes) (OgleRthmulti.com)
Date: Tue Jul 31 2001 - 14:41:06 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    > -----Original Message-----
    > From: aleph1securityfocus.com [mailto:aleph1securityfocus.com]
    > Sent: Tuesday, July 17, 2001 4:55 PM
    > To: bugtraqsecurityfocus.com
    > Subject: CERT Advisory CA-2001-18
    >
    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    >
    > CERT Advisory CA-2001-18 Multiple Vulnerabilities in Several
    > Implementations of the Lightweight Directory Access Protocol (LDAP)
    >
    > Original release date: July 16, 2001
    > Last revised: --
    > Source: CERT/CC
    >
    > A complete revision history can be found at the end of this file.
    >
    > Systems Affected
    We've just got confirmation that Critical Path's line of LDAP directories
    (http://www.cp.net/) are susceptible to the LDAP vulnerabilities in this
    CERT announcement. I am sending out this email to make sure that all
    ICL/Peerlogic i500 and InJoin/ GDS administrators are made aware of the
    vulnerabilities. Critical Path has not publicly announced this
    vulnerability yet, but I'm sure that hackers/crackers already know. I am
    disappointed in Critical Path for not even testing for these vulnerabilities
    until pressure was put on them through resellers and for not public ally
    announcing it so that administrators are made aware.

    If you are an administrator of one of these products, please contact
    Critical Path or your reseller to pressure Critical Path on providing the
    patches quickly. Also, if you have a public ally accessible LDAP server
    from Critical Path, I'd block it from the Internet until patches are
    installed.

    Ron Ogle
    (These are mine own opinions and not of my company.)