Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability
Quanah Gibson-Mount
quanah at stanford.edu
Wed Nov 8 22:49:13 CET 2006
--On Wednesday, November 08, 2006 9:40 PM +0100 Stefan Fritsch
<sf at sfritsch.de> wrote:
> Package: slapd
> Severity: grave
> Tags: security
> Justification: user security hole
>
> A vulnerability has been found in openldap:
> "Evgeny Legerov has reported a vulnerability in OpenLDAP, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
>
> The vulnerability is caused due to an error when processing certain BIND
> requests. This can be exploited to cause a crash by sending specially
> crafted BIND requests to an OpenLDAP server.
>
> The vulnerability is reported in OpenLDAP version 2.2.29. Other versions
> may also be affected."
Can you supply actual details? This statement isn't very useful without
them.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html