Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
References
Link | Resource |
---|---|
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml | Patch Vendor Advisory |
http://www.cert.org/advisories/CA-2001-18.html | Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/869184 | US Government Resource |
http://www.kb.cert.org/vuls/id/JPLA-4WESNV | US Government Resource |
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ |
Configurations
Configuration 1 (hide)
|
Information
Published : 2001-07-15 21:00
Updated : 2008-09-05 13:26
NVD link : CVE-2001-1321
Mitre link : CVE-2001-1321
JSON object : View
CWE
Products Affected
oracle
- internet_directory