[22493] in bugtraq
[SNS Advisory No.41] iPlanet Messaging Server 5.1(evaluation copy) Buffer Overflow Vulnerability
daemon@ATHENA.MIT.EDU (snsadv@lac.co.jp)
Mon Sep 3 01:34:28 2001
Date: Sun, 02 Sep 2001 22:51:43 -0400
From: "snsadv@lac.co.jp" <snsadv@lac.co.jp>
To: BUGTRAQ <BUGTRAQ@securityfocus.com>
Message-Id: <20010902225136.1C4D.SNSADV@lac.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
----------------------------------------------------------------------
SNS Advisory No.41
iPlanet Messaging Server 5.1(evaluation copy) Buffer Overflow Vulnerability
Problem first discovered: 6 Aug 2001
Published: Mon, 3 Sep 2001
----------------------------------------------------------------------
Overview:
---------
Netscape Administration Server, provided by iPlanet Messaging Server 5.0
as a console program for administration, has a buffer overflow
vulnerability. It allows remote users to execute arbitrary commands with
SYSTEM privilege.
Problem Description:
--------------------
iPlanet Messaging Server is designed to provide SMTP, IMAP4, POP3 and
Web-based mail services. Basic authorization is required when editing
user information registered on the server, then supplied username and
password are sent to the server after being base64 encoded. If long
strings are included in username, ns-admin.exe, which is binary of
Netscape Administration Server, will overflow. Therefore, this
vulnerability allows remote users to execute arbitrary commands with
SYSTEM privilege.
Tested Version:
---------------
iPlanet Messaging Server 5.1 evaluation copy
Tested on:
----------
Windows NT 4.0 Server + SP6a [English]
Solution:
---------
However, iPlanet has not commented on this problem because they do not
offer the technical support for evaluation copy under any circumstances.
It is strongly recommended that you set up access control of Administration
Server to deny access to servers, in which iPlanet Messaging Server is
installed by non-trusted users. After setting up, unauthorized hosts
cannot have access to the web site for editing user information.
Discovered by:
--------------
SNS Team (LAC / snsadv@lac.co.jp)
Disclaimer:
-----------
All information in these advisories are subject to change without any
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information.
References
----------
Archive of this advisory(in preparation now):
http://www.lac.co.jp/security/english/snsadv_e/41_e.html
------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/
