Buffer Overflow Condition in Netscape Directory Server

Reported March 7, 2001, by @stake.


  • Netscape Directory Server 4.11 for Windows NT

  • Netscape Directory Server 4.12 for Windows NT

  • Netscape Messaging Server 4.15 for Windows NT

  • iPlanet Messaging Server 5.0 for Windows NT


The Netscape Directory Server bundled with Netscape Messaging Server 4.15 Service Pack 3 (SP3) is vulnerable to a buffer overflow if an attacker sends a specially crafted query. The overflow results in either a Denial of Service (DoS) or arbitrary code execution on the server. Netscape Directory Server 4.12 is vulnerable to the same overflow, but there it can only cause a DoS, not code execution. An intruder connecting to the SMTP service can trigger the overflow by using a mangled recipient name in the RCPT TO: field; the problem occurs when the recipient contains an excessive number of quote mark (") characters. Once a message with the mangled recipient field has been sent, the SMTP service connects to the Netscape Directory Server to run queries, and the overflow occurs there. @stake has published an advisory at http://www.atstake.com/research/advisories/2001/a030701-1.txt detailing this vulnerability.
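A defender-side check for the trigger described above, added here as an example and not part of the advisory or of any Netscape/iPlanet code: it scans constructed SMTP session log lines (the line format is assumed) for RCPT TO recipients whose quote-mark count goes beyond what a legitimately quoted local-part needs, which is the mangled-recipient pattern that reaches the Directory Server query.

```python
import re
from typing import List, Tuple

# Constructed sample log (not from the advisory). Assumed format per line:
# "<date> <time> <client-ip> <SMTP command>". The third line carries the
# kind of quote-stuffed recipient the advisory describes.
SAMPLE_SMTP_LOG = [
    '2001-03-07 10:01:02 10.0.0.5 RCPT TO:<alice@example.com>',
    '2001-03-07 10:01:03 10.0.0.5 RCPT TO:<"bob smith"@example.com>',
    '2001-03-07 10:02:10 10.0.0.9 RCPT TO:<' + '"' * 40 + '@example.com>',
    '2001-03-07 10:02:11 10.0.0.9 MAIL FROM:<x@example.org>',
]

RCPT_RE = re.compile(r'RCPT TO:\s*<([^>]*)>', re.IGNORECASE)
# A double quote not preceded by a backslash (backslash-escaped quotes are
# legal inside a quoted local-part and are not counted).
UNESCAPED_QUOTE_RE = re.compile(r'(?<!\\)"')


def unescaped_quote_count(path: str) -> int:
    """Number of unescaped double quotes in a recipient path."""
    return len(UNESCAPED_QUOTE_RE.findall(path))


def rcpt_is_suspicious(path: str, max_quotes: int = 2) -> bool:
    """True when the recipient does not look like a plain or a single
    well-formed quoted local-part ("..."@domain)."""
    n = unescaped_quote_count(path)
    if n == 0:
        return False
    if n > max_quotes or n % 2:
        return True
    local, _, _ = path.rpartition('@')
    return not (local.startswith('"') and local.endswith('"'))


def scan_smtp_log(lines: List[str]) -> List[Tuple[int, str, str, int]]:
    """Return (line_no, client_ip, recipient, quote_count) for each RCPT TO
    command whose recipient fails rcpt_is_suspicious."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        match = RCPT_RE.search(parts[3])
        if match and rcpt_is_suspicious(match.group(1)):
            path = match.group(1)
            hits.append((line_no, parts[2], path, unescaped_quote_count(path)))
    return hits


if __name__ == "__main__":
    for hit in scan_smtp_log(SAMPLE_SMTP_LOG):
        print("suspicious RCPT TO on line %d from %s (%d quotes)" % (hit[0], hit[1], hit[3]))
```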



iPlanet Directory Server Support recommends an immediate upgrade to Netscape Directory Server 4.13 from all versions. For Netscape Messaging Server 4.15 users, upgrading to 4.13 and applying Patch 4 is recommended. iPlanet customers can obtain these updates and patches through normal iPlanet support channels.

Discovered by Frank Swiderski of @stake, Inc.
