Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

Matthijs Mohlmann matthijs at cacholong.nl
Thu Nov 9 08:23:08 CET 2006


Quanah Gibson-Mount wrote:
> 
> 
> --On Wednesday, November 08, 2006 3:45 PM -0800 Quanah Gibson-Mount 
> <quanah at stanford.edu> wrote:
> 
>>
>>
>> --On Wednesday, November 08, 2006 3:02 PM -0800 Quanah Gibson-Mount
>> <quanah at stanford.edu> wrote:
>>
>>> Upstream patch available at:
>>>
>>> <http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c>
>>>
>>> getdn.c  1.124.2.4 -> 1.124.2.5
>>
>> Just to note, this bug can be brute-forced via any existing SASL mech, if
>> certain conditions are met.  I won't post what those conditions are. :P
>> So this is probably a fairly important patch to get put in place.
> 
> Debian should also pick up the following commit:
> 
> <http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/connection.c>
> connection.c  1.296.2.17 -> 1.296.2.18
> 
> --Quanah
> 

Hi,

I'll pick it up this evening.

Regards,

Matthijs Mohlmann




