Preemptive Protection against Apple Open Directory Denial of Service Vulnerability

Check Point Reference: CPAI-2006-091
Date Published:
Severity:
Last Updated:
Source: MU Security
Industry Reference(s): CVE-2006-1470
US-CERT VU#652196
Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
OSX 10.4.4 through 10.4.6
Vulnerability Description
The OpenLDAP software allows LDAP-aware programs on a network to get information from a server. Apple uses OpenLDAP as part of its Open Directory product. An error in the implementation of OpenLDAP may allow a remote attacker who is able to send a malformed LDAP request to crash the Open Directory server.
Update/Patch Available
Upgrade to OSX 10.4.7 at:
http://docs.info.apple.com/article.html?artnum=61798
Vulnerability Details
An assertion error exists in the implementation of OpenLDAP. An attacker may send a malformed LDAP message that triggers the assertion and causes a denial-of-service condition.

Protection Overview
SmartDefense blocks specially crafted LDAP requests that may lead to a denial of service condition (DoS) on the affected LDAP server. This protection was provided on April 27, 2006. For more information, see CPAI-2006-039.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 (R55 and above), VSX NGX, InterSpect NGX, 2.0

How Can I Protect My Network?
Users of VPN-1 NG with Application Intelligence R55 and above, users of VSX NGX and users of InterSpect NGX & 2.0 are protected against this vulnerability if the solution outlined in CPAI-2006-039 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: LDAP Protections
Attack Information: LDAP Server Remote DoS Exploit Attempt Detected