Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_directory | Oracle | 2.1.1 (including) | 2.1.1 (including) |
| Internet_directory | Oracle | 3.0.1 (including) | 3.0.1 (including) |
References
- http://www.cert.org/advisories/CA-2001-18.html
- http://www.ciac.org/ciac/bulletins/l-116.shtml
- http://www.kb.cert.org/vuls/id/869184
- http://www.securityfocus.com/bid/3048
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6903
- http://www.cert.org/advisories/CA-2001-18.html
- http://www.ciac.org/ciac/bulletins/l-116.shtml
- http://www.kb.cert.org/vuls/id/869184
- http://www.securityfocus.com/bid/3048
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6903