Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability
Quanah Gibson-Mount
quanah at stanford.edu
Thu Nov 9 00:45:28 CET 2006
--On Wednesday, November 08, 2006 3:02 PM -0800 Quanah Gibson-Mount
<quanah at stanford.edu> wrote:
> Upstream patch available at:
>
> <http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c>
>
> getdn.c 1.124.2.4 -> 1.124.2.5
Just to note, this bug can be brute-forced via any existing SASL mech, if
certain conditions are met. I won't post what those conditions are. :P So
this is probably a fairly important patch to get put in place.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html