Bug#397898: [Pkg-openldap-devel] Bug#397898: Openldap on Sarge affected by known/fixed DoS?
Quanah Gibson-Mount
quanah at stanford.edu
Fri Nov 10 20:19:54 CET 2006
--On Friday, November 10, 2006 10:35 AM +0000 Roman Gaufman
<roman at 121media.com> wrote:
> Package: slapd
> Version: 2.2.23-8
>
> Penetration testing in the company of slapd installed on an up-to-date
> debian sarge showed that admins were able to make openldap crash using an
> exploit discovered years ago,
>
> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740
> http://secunia.com/advisories/22750/
>
> Please let me know if you need any more details

I hardly think a DoS attack discovered two days ago qualifies as "an
exploit discovered years ago".

Also, in your follow-up email, you are confusing two different issue
reports -- 17446, and 20939. 17446 refers to a problem in Cyrus-SASL, not
OpenLDAP.

--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html