COMMAND

Netscape Directory LDAP multiple vulnerabilities

SYSTEMS AFFECTED

All products including Netscape Directory server, all releases ??

PROBLEM

In SGI security advisory [20011102-01-I], also see CERT advisory [http://www.cert.org/advisories/CA-2001-18.html] using LDAP test suite [http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/]

--snip--

In the encoding section of the PROTOS LDAPv3 test suite, these products had an indeterminate number of failures in the group that tests invalid BER length of length fields.

In the application section of the PROTOS LDAPv3 test suite, these products failed four groups and had inconclusive results for an additional five groups. The four failed groups indicate the presence of buffer overflow vulnerabilities. For the inconclusive groups, the product exhibited suspicious behavior while testing for format string vulnerabilities.

--snip--

SOLUTION

See your vendor for patches
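
As an added illustration (not code from the advisory, the vendors or the PROTOS suite): a C decoder for the BER length field that validates the length-of-length octet and checks the declared content length against the bytes actually received, which is the class of input the encoding-section group tests. The function and status names are hypothetical, and refusing the indefinite form is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Status codes (hypothetical names chosen for this example). */
enum ber_status { BER_OK = 0, BER_TRUNCATED, BER_BAD_LENLEN,
                  BER_TOO_LARGE, BER_INDEFINITE };

/*
 * Decode the BER length field that starts at buf[0] (the octet after the tag).
 * avail    = bytes available in buf, counting the length field itself.
 * *out_len = decoded content length; *hdr = octets used by the length field.
 * BER_OK is returned only if the declared content fits in the remaining input.
 */
enum ber_status ber_read_length(const uint8_t *buf, size_t avail,
                                size_t *out_len, size_t *hdr)
{
    if (avail == 0)
        return BER_TRUNCATED;

    uint8_t first = buf[0];
    if ((first & 0x80) == 0) {          /* short form: length 0..127 */
        *out_len = first;
        *hdr = 1;
    } else {
        size_t n = first & 0x7F;        /* long form: n is the length of length */
        if (n == 0)
            return BER_INDEFINITE;      /* 0x80: indefinite form, refused here */
        if (n == 0x7F)
            return BER_BAD_LENLEN;      /* 0xFF is reserved by X.690 */
        if (n > sizeof(size_t))
            return BER_TOO_LARGE;       /* conservative: cannot overflow len */
        if (n > avail - 1)
            return BER_TRUNCATED;       /* length octets run past the input */

        size_t len = 0;
        for (size_t i = 1; i <= n; i++)
            len = (len << 8) | buf[i];
        *out_len = len;
        *hdr = 1 + n;
    }
    /* Compare by subtraction so a huge declared length cannot wrap a sum. */
    if (*out_len > avail - *hdr)
        return BER_TRUNCATED;
    return BER_OK;
}
```

A caller should size any copy or allocation from the validated `*out_len` only after `BER_OK` is returned.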