CVE-2001-1321

Name of the Vulnerable Software and Affected Versions: Oracle Internet Directory Server versions 2.1.1.x through 3.0.1

Description: The issue allows remote attackers to cause a denial of service, potentially leading to a crash, and may also enable the execution of arbitrary code. This is achieved through the use of invalid encodings of BER OBJECT-IDENTIFIER values.

Recommendations: For Oracle Internet Directory Server versions 2.1.1.x through 3.0.1, consider restricting access to the server to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the use of BER OBJECT-IDENTIFIER values to prevent potential crashes and arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.