Australia's Leading Computer Emergency Response Team

AA-2006.0100 -- [Win][UNIX/Linux] -- Multiple vulnerabilities patched in Hitachi Directory Server
Date: 22 December 2006
Original URL: http://www.auscert.org.au/render.html?cid=33&it=7142

Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AA-2006.0100                  AUSCERT Advisory

                             [Win][UNIX/Linux]
       Multiple vulnerabilities patched in Hitachi Directory Server
                             22 December 2006
- ---------------------------------------------------------------------------

        AusCERT Advisory Summary
        ------------------------

Product:              Hitachi Directory Server version 2
Operating System:     AIX
                      HP-UX
                      Linux variants
                      Solaris
                      Windows
Impact:               Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
Member content until: Friday, January 19 2007

Original Bulletin:    
http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/index-e.html


OVERVIEW:
        
        Multiple vulnerabilities have been announced in the Hitachi 
        Directory Server which may result in the execution of arbitrary code 
        and/or a denial of service.


IMPACT: 

        Sending specially crafted LDAP requests results in memory leaks 
        and buffer overflows. These vulnerabilities may be exploited to 
        execute arbitrary code or cause a denial of service of the Directory 
        Server.


MITIGATION:

        A non-vulnerable release of Hitachi Directory Server has been 
        released correcting these issues. Administrators are encouraged to 
        upgrade to versions 02-11-/K or 02-10-/V. More information can be 
        found on the Hitachi web site [1].


REFERENCES:

        [1] HS06-018; Multiple Vulnerabilities of the LDAP Server
            Solutions for Hitachi Directory Server Version 2
            http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/01-e.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRYtBYih9+71yA2DNAQKRCgP/Yhc/eS/+Hxl7/VKYsGz41WBp4UUc2mKn
iwbxbR1TBUZjTDwzEyHtEJiTQl/SWc+7TD5bZRFirGxs3Cbr/sgnOx5dc4sexdhS
4DNYp6D6tuDd39Jrg4gH8PPvUgslEj7Nq5qTYy8QkvAj/3e2kFrzQy7sCb1cTLKJ
ZXUdKhAOhaU=
=pOOt
-----END PGP SIGNATURE-----