lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060128071517.C4E8723E6B5@dzeta.agava.net>
Date: Sat Jan 28 07:15:25 2006
From: research at gleg.net (Evgeny Legerov)
Subject: Multiple vulnerabilities in CommuniGate Pro
	Server 

I. DESCRIPTION

CommuniGate Pro Core Server from CommuniGate Systems provides robust cross-platform 
groupware applications, enabling a cost effective, easy to manage communications platform. 

For more info visit http://www.stalker.com

II. DETAILS

During testing of CommuniGate Pro Server 5.0.6 using ProtoVer LDAP testsuite version 1.1 
multiple vulnerabilities in LDAP component of CommuniGate Pro have been uncovered. 

The vulnerabilities could be used by a remote unauthenticated attacker to crash 
the server or in the worst case to execute the arbitrary code.

III. VENDOR RESPONSE

The vendor has released 5.0.7 version which addresses these issues.
Quote from http://www.stalker.com/CommuniGatePro/History.html:

"""
5.0.7 27-Jan-05 
Bug Fix: Foundation: 3.0: Negative BER lengths were processed incorrectly.
"""

IV. HISTORY

24 Jan 2006 - initial vendor contact
25 Jan 2006 - vendor received a fully-functional trial of ProtoVer LDAP testsuite
26 Jan 2006 - vendor successfully reproduced the problems
27 Jan 2006 - vendor released the fixed version

V. CREDIT

All these issues were found using GLEG Ltd's ProtoVer LDAP testsuite:
http://www.gleg.net/protover_ldap.shtml

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ