Apple Computer Inc. Not Affected

Notified:  December 09, 2004 Updated: January 14, 2005

Status

Not Affected

Vendor Statement

Mac OS X v10.2.x and Mac OS X Server v10.2.x or earlier are not affected by this issue as they do not contain the vulnerable versions of the LDAP server. Mac OS X v10.3.x and Mac OS X Server v10.3.x are not affected by this issue in their supported configurations.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Conectiva Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Cray Inc. Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Cybozu Not Affected

Notified:  December 10, 2004 Updated: January 13, 2005

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Debian Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

EMC Corporation Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Engarde Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

F5 Networks Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

FreeBSD Unknown

Notified:  December 09, 2004 Updated: December 16, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Fujitsu Unknown

Notified:  December 10, 2004 Updated: January 13, 2005

Status

Unknown

Vendor Statement

Related information will be published on http://software.fujitsu.com/jp/security/vuls/vuls.html#1BF8D7AA_ldap

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Hewlett-Packard Company Affected

Notified:  December 09, 2004 Updated: January 11, 2005

Status

Affected

Vendor Statement

HP has released a Security Bulletin to address this issue. For further information, please refer to the following URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBUX01105

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Hitachi Affected

Notified:  December 10, 2004 Updated: January 13, 2005

Status

Affected

Vendor Statement

Hitachi Directory Server Version 2 is vulnerable to this issue. More details are available at http://www.hitachi-support.com/security_e/vuls_e/HS05-001_e/index-e.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Immunix Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Ingrian Networks Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Juniper Networks Not Affected

Notified:  December 09, 2004 Updated: January 11, 2005

Status

Not Affected

Vendor Statement

Juniper Networks products are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Lotus Software Not Affected

Notified:  December 09, 2004 Updated: December 16, 2004

Status

Not Affected

Vendor Statement

The IBM Lotus Domino server is not vulnerable to this LDAP issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MandrakeSoft Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Microsoft Corporation Unknown

Notified:  December 09, 2004 Updated: January 05, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MontaVista Software Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NEC Corporation Not Affected

Notified:  December 10, 2004 Updated: January 13, 2005

Status

Not Affected

Vendor Statement

Related information is published on http://www.sw.nec.co.jp/psirt/bnin2005.html#1

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NETBSD Unknown

Notified:  December 09, 2004 Updated: December 16, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Netscape Communications Corporation Affected

Updated:  January 11, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

A statement provided by Red Hat concerning Netscape Directory Server version 6.21 and earlier can be found at the following URL: https://www.kb.cert.org/vulcatalog/id/SSTT-67PTDF

Nokia Unknown

Notified:  December 09, 2004 Updated: December 16, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Nortel Networks Unknown

Notified:  December 14, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Novell Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

OpenLDAP Not Affected

Notified:  December 09, 2004 Updated: January 11, 2005

Status

Not Affected

Vendor Statement

The OpenLDAP Project has evaluated OpenLDAP Software 2.2.17 (current "stable" version) and OpenLDAP Software 2.2.19 (current "release" version) as well as development and release engineering sources, as distributed by the OpenLDAP Project. We found that long attribute names in LDAP request PDUs do not cause a buffer overflow, nor even lead to unexpected behavior (regardless of whether the long attribute name is defined or not in the subschema). The OpenLDAP Project did not evaluate older versions of OpenLDAP Software. As these versions are no longer maintained by the OpenLDAP Project, the OpenLDAP Project recommends (irregardless of this issue) that users of these versions consider upgrading to a current version. The OpenLDAP Project also did not evaluate any 3rd party software, including software based upon (in any fashion) OpenLDAP Software.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Openwall GNU/*/Linux Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Oracle Corporation Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

PADL Software Unknown

Notified:  December 14, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

QUALCOMM Unknown

Notified:  December 14, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Quality Not Affected

Notified:  December 10, 2004 Updated: January 13, 2005

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Red Hat Inc. Affected

Notified:  December 09, 2004 Updated: January 10, 2005

Status

Affected

Vendor Statement

Vendor Statement: Red Hat, Inc: Netscape Directory Server version 6.21 and earlier are vulnerable to this issue. In December 2004 Red Hat aquired the Netscape Directory Server product from America Online, Inc. Patches are available by contacting the Red Hat Security Response Team by email at secalert@redhat.com. More details are available at http://rhn.redhat.com/errata/RHSA-2005-030.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SCO Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SGI Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sony Corporation Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SuSE Inc. Not Affected

Notified:  December 09, 2004 Updated: January 11, 2005

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Teamware Unknown

Notified:  December 14, 2004 Updated: December 17, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Trend Micro Unknown

Notified:  December 10, 2004 Updated: January 13, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Unisys Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Wind River Systems Inc. Unknown

Notified:  December 09, 2004 Updated: December 15, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

View all 41 vendors View less vendors