| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 Jan 2006 10:15:17 +0300 (MSK) From: Evgeny Legerov <research@...g.net> To: full-disclosure@...ts.grok.org.uk Cc: bugtraq@...urityfocus.com Subject: Multiple vulnerabilities in CommuniGate Pro Server I. DESCRIPTION CommuniGate Pro Core Server from CommuniGate Systems provides robust cross-platform groupware applications, enabling a cost effective, easy to manage communications platform. For more info visit http://www.stalker.com II. DETAILS During testing of CommuniGate Pro Server 5.0.6 using ProtoVer LDAP testsuite version 1.1 multiple vulnerabilities in LDAP component of CommuniGate Pro have been uncovered. The vulnerabilities could be used by a remote unauthenticated attacker to crash the server or in the worst case to execute the arbitrary code. III. VENDOR RESPONSE The vendor has released 5.0.7 version which addresses these issues. Quote from http://www.stalker.com/CommuniGatePro/History.html: """ 5.0.7 27-Jan-05 Bug Fix: Foundation: 3.0: Negative BER lengths were processed incorrectly. """ IV. HISTORY 24 Jan 2006 - initial vendor contact 25 Jan 2006 - vendor received a fully-functional trial of ProtoVer LDAP testsuite 26 Jan 2006 - vendor successfully reproduced the problems 27 Jan 2006 - vendor released the fixed version V. CREDIT All these issues were found using GLEG Ltd's ProtoVer LDAP testsuite: http://www.gleg.net/protover_ldap.shtml _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists