[Date Prev][Date Next] [Chronological] [Thread] [Top]

Crashing the server via GSS/SASL (ITS#2627)

To: openldap-its@OpenLDAP.org
Subject: Crashing the server via GSS/SASL (ITS#2627)
From: mfox@cpsc.ucalgary.ca
Date: Thu, 3 Jul 2003 16:20:06 GMT

Full_Name: Mark A. Fox
Version: 2.0.23
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (136.159.7.184)


Authentication using GSS/SASL in which the distinguished name has some extra
information attached (ie. /C=CA/O=Blah/CN=John D. Doe, Email=johndoe@doe.org)
causes slapd to crash.

I'm not sure that it's the ',' the '=', or even the '@', but a certificate with
the above DN definitely causes slapd to crash.

This is potentially a large vulnerability as it would be easy to use it for a
DOS attack.

Prev by Date: Patch for OpenLDAP to use gnutls instead of OpenSSL (ITS#2628)
Next by Date: RE: Crashing the server via GSS/SASL (ITS#2627)
Index(es):
- Chronological
- Thread