Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Teamware_office | Teamware | 5.0 (including) | 5.0 (including) |
| Teamware_office | Teamware | 5.1 (including) | 5.1 (including) |
| Teamware_office | Teamware | 5.2 (including) | 5.2 (including) |
| Teamware_office | Teamware | 5.3 (including) | 5.3 (including) |
| Teamware_office | Teamware | 5.4 (including) | 5.4 (including) |
References
- http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
- http://www.cert.org/advisories/CA-2001-18.html
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
- http://www.kb.cert.org/vuls/id/688960
- http://www.kb.cert.org/vuls/id/JPLA-4WESNA
- http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
- http://www.cert.org/advisories/CA-2001-18.html
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
- http://www.kb.cert.org/vuls/id/688960
- http://www.kb.cert.org/vuls/id/JPLA-4WESNA