[SNS Advisory No.41] iPlanet Messaging Server 5.1(evaluation copy) Buffer Overflow Vulnerability

From: snsadvat_private
Date: Sun Sep 02 2001 - 19:51:43 PDT


    ----------------------------------------------------------------------
    SNS Advisory No.41
    iPlanet Messaging Server 5.1(evaluation copy) Buffer Overflow Vulnerability
    
    Problem first discovered: 6 Aug 2001
    Published: Mon, 3 Sep 2001
    ----------------------------------------------------------------------
    
    Overview:
    ---------
    Netscape Administration Server, which is provided with iPlanet Messaging
    Server 5.0 as its administration console, has a buffer overflow
    vulnerability. It allows remote users to execute arbitrary commands with
    SYSTEM privilege.
    
    Problem Description:
    --------------------
    iPlanet Messaging Server is designed to provide SMTP, IMAP4, POP3 and
    Web-based mail services. Editing user information registered on the
    server requires Basic authorization, in which the supplied username and
    password are base64 encoded and sent to the server. If the username
    contains a long string, ns-admin.exe, the binary of Netscape
    Administration Server, will overflow. This vulnerability therefore
    allows remote users to execute arbitrary commands with SYSTEM privilege.
    
    Tested Version: 
    ---------------
    iPlanet Messaging Server 5.1 evaluation copy
    
    Tested on:
    ----------
    Windows NT 4.0 Server + SP6a [English]
    
    Solution:
    ---------
    iPlanet has not commented on this problem because they do not offer
    technical support for evaluation copies under any circumstances.
    It is strongly recommended that you set up access control on the
    Administration Server so that non-trusted users are denied access to
    servers on which iPlanet Messaging Server is installed. Once this is set
    up, unauthorized hosts cannot access the web site for editing user
    information.
    
    Discovered by:
    --------------
    SNS Team (LAC / snsadvat_private)
    
    
    Disclaimer:
    -----------
    All information in these advisories is subject to change without advance
    notice or mutual consent, and each advisory is released as is.
    LAC Co., Ltd. is not responsible for any risks arising from applying
    this information.
    
    References
    ----------
    Archive of this advisory (in preparation now):
    	http://www.lac.co.jp/security/english/snsadv_e/41_e.html
    
    ------------------------------------------------------------------
    Secure Net Service(SNS) Security Advisory <snsadvat_private>
    Computer Security Laboratory, LAC  http://www.lac.co.jp/security/
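
The bug class described under "Problem Description" comes from decoding Basic credentials into fixed-size storage without checking lengths. The following is an added example, not code from the advisory or from iPlanet: a bounds-checked parser for the Basic authorization value that rejects over-long usernames instead of copying them. `MAX_USER`, `MAX_PASS` and the function names are assumptions chosen for illustration; the advisory does not state any buffer sizes.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER 64   /* assumed policy limits; the advisory */
#define MAX_PASS 128  /* does not state any lengths          */

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64val(char c) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Decode into out[cap]; -1 on bad input or if it will not fit (never writes past cap). */
static long b64decode(const char *in, unsigned char *out, size_t cap) {
    size_t n = 0; unsigned acc = 0; int bits = 0;
    for (; *in && *in != '='; in++) {
        int v = b64val(*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits < 8) continue;
        bits -= 8;
        if (n >= cap) return -1;          /* reject instead of overflowing */
        out[n++] = (unsigned char)(acc >> bits);
    }
    return (long)n;
}

/* Parse "Basic <base64(user:pass)>" into user[MAX_USER+1] and pass[MAX_PASS+1].
   Returns 0 on success, -1 on rejection (outputs are untouched on rejection). */
int parse_basic(const char *hdr, char *user, char *pass) {
    unsigned char buf[MAX_USER + 1 + MAX_PASS];
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    long n = b64decode(hdr + 6, buf, sizeof buf);
    if (n < 0 || memchr(buf, '\0', (size_t)n)) return -1;   /* no embedded NULs */
    unsigned char *colon = memchr(buf, ':', (size_t)n);
    if (!colon) return -1;
    size_t ulen = (size_t)(colon - buf), plen = (size_t)n - ulen - 1;
    if (ulen == 0 || ulen > MAX_USER || plen > MAX_PASS) return -1;
    memcpy(user, buf, ulen); user[ulen] = '\0';
    memcpy(pass, colon + 1, plen); pass[plen] = '\0';
    return 0;
}

int main(void) {
    char u[MAX_USER + 1], p[MAX_PASS + 1];
    int rc = parse_basic("Basic YWxpY2U6c2VjcmV0", u, p); /* constructed: alice:secret */
    printf("rc=%d user=%s\n", rc, rc == 0 ? u : "(rejected)");
    return 0;
}
```

Both the decoded total and the username length are checked before any copy, so an oversized value is refused at the decoder or at the length test rather than truncated.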
    


