Preemptive Protection against OpenLDAP Remote Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2006-152 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA23334 | |
| Industry Reference(s): | CVE-2006-6493 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? OpenLDAP version 2.3.30 and prior | ||
| Vulnerability Description A denial of service vulnerability exists in OpenLDAP. OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol (LDAP). The vulnerability could be exploited by remote attackers to crash the service or execute arbitrary code via a specially crafted LDAP request to an affected LDAP server. |
||
|
Vulnerability Details The vulnerability is due to a boundary error in the 'krbv4_ldap_auth()' function in OpenLDAP servers 'slapd/kerberos.c' that fails to properly process overly long requests. Remote attackers can exploit this issue by sending specially crafted BIND requests to a vulnerable OpenLDAP server and causing it to crash. Successful exploitation may allow execution of arbitrary code on the vulnerable system. |
Protection Overview
Users are protected against this vulnerability if the LDAP protection for blocking multiple remote denial of service vulnerabilities addressed in the Protection section of CPAI-2006-039 has been applied.
The protection blocks specially crafted LDAP requests that may lead to a denial of service condition (DoS) on the affected LDAP server. No update is required to address this vulnerability.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > LDAP > LDAP Server Remote DoS.
2. In the LDAP Server Remote DoS configuration pane, under LDAP Server Remote DoS settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: LDAP Protections
Attack Information: LDAP Server Remote DoS Exploit Attempt Detected
VPN-1 NGX R61, VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the Protection outlined in CPAI-2006-039 has been applied.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: LDAP Protections
Attack Information: LDAP Server Remote DoS Exploit Attempt Detected
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the Protection outlined in CPAI-2006-039 has been applied.
How Do I Know if My Network is Under Attack?
Rule #99389 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the Protection outlined in CPAI-2006-039 has been applied.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: LDAP Protections
Attack Information: LDAP Server Remote DoS Exploit Attempt Detected
InterSpect 2.0
How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the Protection outlined in CPAI-2006-039 has been applied.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: LDAP Protections
Attack Information: LDAP Server Remote DoS Exploit Attempt Detected