> -----Original Message-----
> From: aleph1@securityfocus.com [mailto:aleph1@securityfocus.com]
> Sent: Tuesday, July 17, 2001 4:55 PM
> To: bugtraq@securityfocus.com
> Subject: CERT Advisory CA-2001-18
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> CERT Advisory CA-2001-18 Multiple Vulnerabilities in Several
> Implementations of the Lightweight Directory Access Protocol (LDAP)
>
> Original release date: July 16, 2001
> Last revised: --
> Source: CERT/CC
>
> A complete revision history can be found at the end of this file.
>
> Systems Affected

We've just got confirmation that Critical Path's line of LDAP directories (http://www.cp.net/) are susceptible to the LDAP vulnerabilities in this CERT announcement. I am sending out this email to make sure that all ICL/Peerlogic i500 and InJoin/GDS administrators are made aware of the vulnerabilities.

Critical Path has not publicly announced this vulnerability yet, but I'm sure that hackers/crackers already know. I am disappointed in Critical Path for not even testing for these vulnerabilities until pressure was put on them through resellers and for not publicly announcing it so that administrators are made aware.

If you are an administrator of one of these products, please contact Critical Path or your reseller to pressure Critical Path on providing the patches quickly. Also, if you have a publicly accessible LDAP server from Critical Path, I'd block it from the Internet until patches are installed.

Ron Ogle
(These are my own opinions and not those of my company.)