changed notes
changed state Open to Test
moved from Incoming to Software Bugs
Full_Name: Serge Dubrouski
Version: 2.4.23
OS: RedHat ES 5.5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (208.30.65.103)

I found that the ldp.exe tool that comes with Windows is able to successfully kill an OpenLDAP 2.4.23 slapd server when one tries to modify a DN and submits an empty old DN. No binding is necessary, so even an anonymous user can easily run a DOS attack against OpenLDAP.

Log files in openldap show this:

Dec 29 15:19:32 ottawa slapd[11818]: conn=1000 op=2 do_modrdn
Dec 29 15:19:32 ottawa slapd[11818]: do_modrdn: dn () newrdn (C=US) newsuperior ()
Dec 29 15:19:32 ottawa slapd[11818]: >>> dnPrettyNormal: <>
Dec 29 15:19:32 ottawa slapd[11818]: <<< dnPrettyNormal: <>, <>
Dec 29 15:19:32 ottawa slapd[11818]: >>> dnPrettyNormal: <C=US>
Dec 29 15:19:32 ottawa slapd[11818]: <<< dnPrettyNormal: <c=US>, <c=us>
Dec 29 15:19:32 ottawa slapd[11818]: conn=1000 op=2 MODRDN dn=""
changed notes
changed notes
changed state Test to Release
changed notes
changed state Release to Closed
fixed in HEAD
fixed in RE24
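
For operators checking whether a server has received the request described in this report, the following is an added detection example, not part of the original submission or of OpenLDAP. It scans slapd syslog output for ModRDN requests with an empty old DN, using the two line formats shown in the report's log excerpt; the function name, the per-process correlation of trace lines, and the "silent afterwards" heuristic are assumptions of this example.

```python
import re

# syslog prefix, e.g. "Dec 29 15:19:32 ottawa slapd[11818]: <message>"
PREFIX = re.compile(r'^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\sslapd\[(\d+)\]:\s(.*)$')
STATS = re.compile(r'^conn=(\d+) op=(\d+) MODRDN dn="(.*)"$')   # stats-level line
ENTER = re.compile(r'^conn=(\d+) op=(\d+) do_modrdn$')          # trace-level entry
TRACE = re.compile(r'^do_modrdn: dn \((.*?)\) newrdn \(')       # trace-level detail

def find_empty_dn_modrdn(lines):
    """Return one finding per ModRDN request whose old DN is empty."""
    findings, pending, last_seen = {}, {}, {}
    for idx, line in enumerate(lines):
        m = PREFIX.match(line.strip())
        if not m:
            continue
        ts, host, pid, msg = m.groups()
        last_seen[pid] = idx            # last line logged by this slapd process
        hit = None
        if (s := STATS.match(msg)) and s.group(3) == "":
            hit = (s.group(1), s.group(2))
        elif e := ENTER.match(msg):
            pending[pid] = (e.group(1), e.group(2))   # conn/op for the next trace line
        elif (t := TRACE.match(msg)) and t.group(1) == "" and pid in pending:
            hit = pending[pid]
        if hit:
            f = findings.setdefault((pid, *hit), {"time": ts, "host": host,
                "pid": int(pid), "conn": int(hit[0]), "op": int(hit[1])})
            f["_idx"] = idx
    results = []
    for (pid, _, _), f in findings.items():
        # Heuristic (assumption): no further output from the pid suggests it died.
        f["silent_after"] = last_seen[pid] == f.pop("_idx")
        results.append(f)
    return results

P = "Dec 29 15:19:32 ottawa slapd[11818]: "
SAMPLE = [  # first seven lines are the log excerpt from the report
    P + "conn=1000 op=2 do_modrdn",
    P + "do_modrdn: dn () newrdn (C=US) newsuperior ()",
    P + ">>> dnPrettyNormal: <>",
    P + "<<< dnPrettyNormal: <>, <>",
    P + ">>> dnPrettyNormal: <C=US>",
    P + "<<< dnPrettyNormal: <c=US>, <c=us>",
    P + 'conn=1000 op=2 MODRDN dn=""',
    'Dec 29 15:20:01 ottawa slapd[11900]: conn=1001 op=1 MODRDN dn="cn=a,dc=example,dc=com"',  # constructed
]

if __name__ == "__main__":
    print(find_empty_dn_modrdn(SAMPLE))
```

A finding with silent_after set to True is worth correlating with process supervision or restart records, since a busy server may simply not have logged anything else yet.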