[Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability
Stefan Fritsch
sf at sfritsch.de
Wed Nov 8 21:40:27 CET 2006
Package: slapd
Severity: grave
Tags: security
Justification: user security hole

A vulnerability has been found in openldap:

"Evgeny Legerov has reported a vulnerability in OpenLDAP, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing certain BIND
requests. This can be exploited to cause a crash by sending specially crafted
BIND requests to an OpenLDAP server.

The vulnerability is reported in OpenLDAP version 2.2.29. Other versions may
also be affected."