[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 604/03 - NISCC Vulnerability Advisory 006489/X400



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 604/03 dated 04.11.03  Time: 12:00
 UNIRAS is part of NISCC(National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

NISCC Vulnerability Advisory 006489/X400

Vulnerability Issues in Implementations of the X.400 Protocol

Version Information
- -------------------
Advisory Reference  006489/X400
Release Date        04 November 2003
Last Revision       03 November 2003
Version Number      1

What is affected?
- -----------------
The vulnerabilities described in this advisory affect the messaging
protocol X.400.  Many vendors include support for this protocol in their
products and may be impacted to varying degrees, if at all.  The web page
detailing this vulnerability includes any vendor specific information that
is available to us.

Please see http://www.uniras.gov.uk/vuls/2003/006489/x400.htm for further
information.

Severity
- --------
The severity of these vulnerabilities varies by vendor.  Please see the
vendor section below for further information.  Alternatively contact your
vendor for product specific information.

If exploited, these vulnerabilities could allow an attacker to create a
Denial of Service condition. There are indications that it may also be
possible for an attacker to execute code as a result of a buffer overflow.

Summary
- -------
During 2002 the University of Oulu Security Programming Group (OUSPG)
discovered a number of implementation specific vulnerabilities in the
Simple Network Management Protocol (SNMP).  Subsequent to this discovery,
NISCC has performed and commissioned further work on identifying
implementation specific vulnerabilities in related protocols that are
critical to the UK Critical National Infrastructure.  One of these
protocols is X.400.

NISCC has produced a set of test cases for X.400 and employed them in tests
against equipment supporting X.400.  Vendors of X.400 products have been
contacted and supplied with the test cases for use against their own
products.  These vendors' product lines cover a great deal of the existing
critical information infrastructure worldwide and have therefore been
addressed as a priority.  However, NISCC has subsequently contacted other
vendors whose products employ X.400 and provided them with the test cases.

All users of messaging products that utilise the X.400 protocol are
recommended to take note of this advisory and carry out any remedial
actions suggested by their vendor(s).

This advisory can be viewed on-line at:
http://www.uniras.gov.uk/vuls/2003/006489/x400.htm

[Please note that revisions to this advisory will not be routinely notified
by email.  All subscribers are advised to regularly check the URL above for
updates to this notice.]

Details
- -------
X.400 is an international standard protocol, published by the International
Telecommunications Union, that supports messaging applications.  As such it
is often found on corporate email/messaging servers and some email security
platforms.

Messages are exchanged utilising Basic Encoding Rules (BER) encoded ASN.1
data structures.  By crafting messages that do not correctly conform to the
X.400 ASN.1 definitions it may be possible to cause a receiving X.400 system
to behave in an anomalous way.  This could result in a Denial of Service
condition or potentially allow the execution of code embedded within the
crafted message.

Further detail will be released as it becomes available.

Solution
- --------
Please refer to the vendor information for platform specific remediation.

Vendor Information
- ------------------
A list of vendors affected by this vulnerability is not currently
available. Please visit this web page regularly in order to check for
updates.

Contact Information
- -------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email      vulteam@xxxxxxxxxxxx
           Please quote the advisory reference in the subject line

Telephone  +44 (0) 20 7821 1330 Ext 4511
           Monday - Friday 08:30 - 17:00 hrs

Fax        +44 (0) 20 7821 1686

Post       Vulnerability Management Team
           NISCC
           PO Box 832
           London
           SW1P 1BG

We encourage those who wish to communicate via email to make use of our PGP
key.  This is available from http://www.uniras.gov.uk/UNIRAS.asc

Please note that UK government protectively marked material should not be
sent to the email address above.

If you wish to be added to our email distribution list please email your
request to uniras@xxxxxxxxxxxxx

What is NISCC?
- --------------
For further information regarding the UK National Infrastructure Security
Co-ordination Centre, please visit:
http://www.niscc.gov.uk/aboutniscc/index.htm.

Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by NISCC. The views and
opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither shall NISCC accept responsibility for any errors or omissions
contained within this briefing notice. In particular, they shall not be
liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

© 2003 Crown Copyright
<End of NISCC Vulnerability Advisory>


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via EMail to:
uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBP6eRj4pao72zK539AQFMXAP/Zt/lhG2yw+6NnenJWkxj0ksXTub9q5nA
Ii8HLq/d4xUGw+A0SbWk/CLZgK4vfv8heoRYRpqbHcPj/Pa62xYOBpFJWPzUdi0p
fbtMVwZPC5OzJjeN4pXwby4iQlKzrr50YyStd9Ef2L3ach4uEU2T7yQm+NIRO3OB
p6dh25Ann3Q=
=ewA2
-----END PGP SIGNATURE-----