[Pkg-openldap-devel] Bug#553432: Bug#553432: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name
Quanah Gibson-Mount
quanah at zimbra.com
Sat Oct 31 15:47:21 UTC 2009
--On Saturday, October 31, 2009 10:57 AM +0100 Giuseppe Iuculano
<iuculano at debian.org> wrote:
> Package: openldap
> Severity: grave
> Tags: security patch
This was fixed in OpenLDAP 2.4.18 (Just to note).
Also, how easily someone can set up a rogue LDAP server masquerading as
someone else's LDAP server seems not particularly simple to do. I.e., this
requires someone to set up an LDAP server with a bad cert, and then
intercept someone else's LDAP client traffic to that server.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
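
The class of bug named in the subject line (a NUL byte inside the certificate's subject Common Name), shown as an added illustration that is not part of this message and is not OpenLDAP's code. The struct, function names and sample host names are hypothetical; the block contrasts a C-string comparison with a length-aware one.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* CN as stored in a certificate: bytes plus an explicit length
 * (ASN.1 strings are length-prefixed, not NUL-terminated). */
struct cn_value { const char *data; size_t len; };

static int ci_equal(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed pattern: the CN length is taken from strlen(), so everything
 * after the first NUL byte is ignored. */
int cn_match_cstring(const struct cn_value *cn, const char *host)
{
    size_t n = strlen(cn->data);
    return n == strlen(host) && ci_equal(cn->data, host, n);
}

/* Length-aware check: reject any CN with an embedded NUL, then compare
 * over the full certificate-supplied length. */
int cn_match_checked(const struct cn_value *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == strlen(host) && ci_equal(cn->data, host, cn->len);
}

/* Constructed sample values, not taken from any real certificate. The
 * literals carry a trailing NUL, so the strlen() call above stays in bounds. */
static const char NUL_CN[] = "ldap.example.com\0.other.example";
static const char OK_CN[]  = "ldap.example.com";

struct cn_value sample_nul_cn(void) { struct cn_value v = { NUL_CN, sizeof NUL_CN - 1 }; return v; }
struct cn_value sample_ok_cn(void)  { struct cn_value v = { OK_CN,  sizeof OK_CN  - 1 }; return v; }

int main(void)
{
    struct cn_value bad = sample_nul_cn(), ok = sample_ok_cn();
    const char *host = "ldap.example.com";
    printf("NUL CN:   cstring=%d checked=%d\n", cn_match_cstring(&bad, host), cn_match_checked(&bad, host));
    printf("plain CN: cstring=%d checked=%d\n", cn_match_cstring(&ok, host), cn_match_checked(&ok, host));
    return 0;
}
```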