Format String Vulnerability in Oracle Internet Directory Server
CVE-2001-0974

Currently unrated

Key Information:

Vendor: Oracle
Status: Internet Directory
Vendor: CVE Published:; 17 July 2001

What is CVE-2001-0974?

The vulnerability present in Oracle Internet Directory Server (versions 2.1.1.x and 3.0.1) stems from improper handling of format strings. This flaw could permit remote attackers to execute arbitrary code on the affected systems, demonstrating significant risk when exploited, especially as exhibited by the PROTOS LDAPv3 test suite. Organizations using these versions of Oracle Internet Directory Server should review their security posture and apply necessary patches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6903

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/3048

vdb-entryx_refsource_BID

http://www.cert.org/advisories/CA-2001-18.html

third-party-advisoryx_refsource_CERT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jan 31, 2002
Vulnerability published
Jul 17, 2001