CVE-2001-1321

Currently unrated

Key Information:

Vendor: Oracle
Status: Internet Directory
Vendor: CVE Published:; 16 July 2001

Summary

Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.

References

http://www.cert.org/advisories/CA-2001-18.html

third-party-advisoryx_refsource_CERT

http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/l...

x_refsource_MISC

http://ciac.llnl.gov/ciac/bulletins/l-116.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

Timeline

Vulnerability Reserved
May 1, 2002
Vulnerability published
Jul 16, 2001