CVE-2006-0468

Name of the Vulnerable Software and Affected Versions CommuniGate Pro Server versions 5.0.6 and prior

Description The issue is caused by errors in the LDAP component during handling of negative length values in the Basic Encoding Rules (BER) length fields. This can be exploited to cause a denial of service and may allow arbitrary code execution via a specially-crafted LDAP request. A remote attacker can send a specially formed LDAP packet to cause the denial of service or execute arbitrary code on the target system.

Recommendations For CommuniGate Pro Server versions 5.0.6 and prior, update to version 5.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the LDAP component until a patch is available. Avoid using the LDAP component with untrusted input until the issue is resolved.