Software Engineering Institute

A buffer overflow flaw exists in the way that the Lightweight Directory Access Protocol (LDAP) server included with the IMail Server handles messages with overly long tags. This results in a vulnerability that can be exploited by a remote attacker who has the ability to supply a specially crafted message to the server.

NOTE: The CERT/CC is aware of publicly available exploit code for this vulnerability and has received reports of active reconnaissance for, and exploitation of, vulnerable systems.

A remote attacker may be able to execute arbitrary code in the context of Administrator on vulnerable systems running Windows 2000 or Windows XP. Furthermore, successful exploitation has been reported to cause the LDAP service to crash, resulting in a denial-of-service condition.

Apply a patch from the vendor

Ipswitch has released patches to address this vulnerability. Please see the Systems Affected section of this document for more details.

Filter network traffic for the LDAP service

Block or restrict access to the LDAP service (389/tcp) on affected systems from untrusted networks such as the Internet. Sites, particularly those who are not able to apply the patches, are encouraged to consider implementing this workaround. Note that this change may break some desired functionality depending on particular site configuration details. As a general rule and a matter of good security practice, the CERT/CC recommends blocking access to all services that are not explicitly required.