Reported October 31, 2000 by CORE SDI

VERSIONS AFFECTED
  • Netscape Certificate Management System 4.2
  • Netscape Directory Server 4.12

DESCRIPTION

A problem with multiple components of the Netscape Server suite allows a malicious attacker to conduct denial of service attacks on systems running Netscape Server software.  

DEMONSTRATION

By sending the following URL to the listening Directory Services Gateway TCP Port on a server running Netscape Directory Server or Netscape Certificate Management System a malicious user can cause an exception error and the system will stop responding.

http://systemrunningnetscape:24326/dsgw/bin/search?context=%

VENDOR RESPONSE

Unfortunately, Netscape Communications/AOL has been very unresponsive about this issue.  The vendor has been notified by multiple parties but no public response has been given.

CREDIT
Discovered by CORE SDI