Multiple vulnerabilities in the LDAP component of CommuniGate Pro Server version 5.0.6 have been uncovered.
c122b73e3f2aa436f247e447fbdaab96d30da06836b9880f9e41cca5aa1015ed
I. DESCRIPTION
CommuniGate Pro Core Server from CommuniGate Systems provides robust cross-platform
groupware applications, enabling a cost effective, easy to manage communications platform.
For more info visit http://www.stalker.com
II. DETAILS
During testing of CommuniGate Pro Server 5.0.6 using ProtoVer LDAP testsuite version 1.1
multiple vulnerabilities in LDAP component of CommuniGate Pro have been uncovered.
The vulnerabilities could be used by a remote unauthenticated attacker to crash
the server or in the worst case to execute the arbitrary code.
III. VENDOR RESPONSE
The vendor has released 5.0.7 version which addresses these issues.
Quote from http://www.stalker.com/CommuniGatePro/History.html:
"""
5.0.7 27-Jan-05
Bug Fix: Foundation: 3.0: Negative BER lengths were processed incorrectly.
"""
IV. HISTORY
24 Jan 2006 - initial vendor contact
25 Jan 2006 - vendor received a fully-functional trial of ProtoVer LDAP testsuite
26 Jan 2006 - vendor successfully reproduced the problems
27 Jan 2006 - vendor released the fixed version
V. CREDIT
All these issues were found using GLEG Ltd's ProtoVer LDAP testsuite:
http://www.gleg.net/protover_ldap.shtml