Remote Code Execution Vulnerability in Oracle Internet Directory Server
CVE-2001-1321

Currently unrated

Key Information:

Vendor: Oracle
Status: Internet Directory
Vendor: CVE Published:; 16 July 2001

What is CVE-2001-1321?

The Oracle Internet Directory Server versions 2.1.1.x and 3.0.1 are susceptible to a vulnerability that allows remote attackers to induce a denial of service. This can be executed through the manipulation of invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated in testing by the PROTOS LDAPv3 test suite. Successful exploitation could lead to a crash of the server and may allow the attacker to execute arbitrary code.

References

http://www.cert.org/advisories/CA-2001-18.html

third-party-advisoryx_refsource_CERT

http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/l...

x_refsource_MISC

http://ciac.llnl.gov/ciac/bulletins/l-116.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

Timeline

Vulnerability Reserved
May 1, 2002
Vulnerability published
Jul 16, 2001