Bugtraq mailing list archives

[SNS Advisory No.41] iPlanet Messaging Server 5.1(evaluation copy) Buffer Overflow Vulnerability

From: "snsadv () lac co jp" <snsadv () lac co jp>
Date: Sun, 02 Sep 2001 22:51:43 -0400

----------------------------------------------------------------------
SNS Advisory No.41
iPlanet Messaging Server 5.1(evaluation copy) Buffer Overflow Vulnerability

Problem first discovered: 6 Aug 2001
Published: Mon, 3 Sep 2001
----------------------------------------------------------------------

Overview:
---------
Netscape Administration Server, provided by iPlanet Messaging Server 5.0
as a console program for administration, has a buffer overflow
vulnerability. It allows remote users to execute arbitrary commands with
SYSTEM privilege.

Problem Description:
--------------------
iPlanet Messaging Server is designed to provide SMTP, IMAP4, POP3 and
Web-based mail services. Basic authorization is required when editing
user information registered on the server, then supplied username and
password are sent to the server after being base64 encoded. If long
strings are included in username, ns-admin.exe, which is binary of
Netscape Administration Server, will overflow. Therefore, this
vulnerability allows remote users to execute arbitrary commands with 
SYSTEM privilege.

Tested Version: 
---------------
iPlanet Messaging Server 5.1 evaluation copy

Tested on:
----------
Windows NT 4.0 Server + SP6a [English]

Solution:
---------
However, iPlanet has not commented on this problem because they do not 
offer the technical support for evaluation copy under any circumstances.
It is strongly recommended that you set up access control of Administration
Server to deny access to servers, in which iPlanet Messaging Server is 
installed by non-trusted users. After setting up, unauthorized hosts
cannot have access to the web site for editing user information.

Discovered by:
--------------
SNS Team (LAC / snsadv () lac co jp)


Disclaimer:
-----------
All information in these advisories are subject to change without any 
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information. 

References
----------
Archive of this advisory(in preparation now):
        http://www.lac.co.jp/security/english/snsadv_e/41_e.html

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv () lac co jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/

Current thread:

[SNS Advisory No.41] iPlanet Messaging Server 5.1(evaluation copy) Buffer Overflow Vulnerability snsadv () lac co jp (Sep 02)