[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: About Buffer Overflows

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: About Buffer Overflows
From: ZhangPu <zhang@fjh.fujitsu.com>
Date: Tue, 22 Feb 2005 10:11:46 +0900
Cc: OpenLDAP <openldap-software@OpenLDAP.org>
In-reply-to: <6E5B2D3EC50E429CF3224642@cadabra-dsl.stanford.edu>
References: <20050222085149.D196.ZHANG@fjh.fujitsu.com> <6E5B2D3EC50E429CF3224642@cadabra-dsl.stanford.edu>

> I would note that OL 2.1.19 is quite old at this point 
> (and the OL 2.1 line is deprecated).
So does it mean OL 2.1 line is unsafe in buffer overflow problem? 
If use 2.1.19, buffer overflow may occur in somewhere which has 
not been detected (or you didn't know clearly)? 

Also you cannot assure that there isn't buffer overflow problem 
in the release from 2.2.0 to 2.2.22? But currently, the safer release 
is OL 2.2.23 or later.

Please give me suggestion. 

Thanks 
Pu

On Mon, 21 Feb 2005 16:26:47 -0800
Quanah Gibson-Mount <quanah@stanford.edu> wrote:

> I would assume that OpenLDAP 2.1 and 2.2 releases are safe from any 2.0 
> vulnerabilities.  I would note that OL 2.1.19 is quite old at this point 
> (and the OL 2.1 line is deprecated).  Also note that there is a different 
> problem in the OL 2.1 tree, and all OL releases prior to OL 2.2.23.  I 
> would suggest using OL 2.2.23 or later.
>

Follow-Ups:
- Re: About Buffer Overflows
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- Re: About Buffer Overflows
  - From: ZhangPu <zhang@fjh.fujitsu.com>
- Re: About Buffer Overflows
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: About Buffer Overflows
Next by Date: RE: 2.2.23 vs 2.3.1alpha speed compairisons
Index(es):
- Chronological
- Thread