Critical Path Affected

Notified:  August 06, 2001 Updated: August 13, 2001

Status

Affected

Vendor Statement

Critical Path is committed to ensuring that all supported versions of the Directory Server are free of vulnerabilities of the type identified in the above referenced vulnerability note. The outcome of this will be at a minimum, a patch or upgrade to remove the vulnerability from each of the supported versions. Please visit Critical Path InJoin Directory Server support pages at (http://support.cp.net/CP_Buffer_Overflow_Vulnerability.doc) for details on workarounds and patch availability information for the potential vulnerabilities discovered in the InJoin Directory Server.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.