From: snsadv@lac.co.jp
Date: Sun Sep 02 2001 - 21:51:43 CDT
----------------------------------------------------------------------
SNS Advisory No.41
iPlanet Messaging Server 5.1(evaluation copy) Buffer Overflow Vulnerability
Problem first discovered: 6 Aug 2001
Published: Mon, 3 Sep 2001
----------------------------------------------------------------------
Overview:
---------
Netscape Administration Server, provided by iPlanet Messaging Server 5.0
as a console program for administration, has a buffer overflow
vulnerability. It allows remote users to execute arbitrary commands with
SYSTEM privilege.
Problem Description:
--------------------
iPlanet Messaging Server is designed to provide SMTP, IMAP4, POP3 and
Web-based mail services. Basic authorization is required when editing
user information registered on the server; the supplied username and
password are sent to the server after being base64 encoded. If a long
string is included in the username, ns-admin.exe, the binary of
Netscape Administration Server, will overflow. This vulnerability
therefore allows remote users to execute arbitrary commands with
SYSTEM privilege.
Tested Version:
---------------
iPlanet Messaging Server 5.1 evaluation copy
Tested on:
----------
Windows NT 4.0 Server + SP6a [English]
Solution:
---------
iPlanet has not commented on this problem because they do not offer
technical support for evaluation copies under any circumstances.
It is strongly recommended that you set up access control on the
Administration Server so that non-trusted users are denied access to
servers on which iPlanet Messaging Server is installed. Once this is set
up, unauthorized hosts cannot access the web site for editing user
information.
Discovered by:
--------------
SNS Team (LAC / snsadv@lac.co.jp)
Disclaimer:
-----------
All information in these advisories is subject to change without advance
notice or mutual consensus, and each advisory is released as is.
LAC Co., Ltd. is not responsible for any risks arising from the use of
this information.
References
----------
Archive of this advisory (in preparation now):
http://www.lac.co.jp/security/english/snsadv_e/41_e.html
------------------------------------------------------------------
Secure Net Service (SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/