Description
Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6898
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3039
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.cert.org/advisories/CA-2001-18.html
Patch, Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
Various Sources x_refsource_misc
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Various Sources third-party-advisory
government-resource
x_refsource_ciac
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/276944
US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/JPLA-4WESMM
Scores
EPSS
0.1752
EPSS Percentile
95.2%
Details
Status
published
Products (1)
sun/iplanet_directory_server
< 4.1.4
Published
Jul 16, 2001
Tracked Since
Feb 18, 2026