[Date Prev][Date Next]
Crashing the server via GSS/SASL (ITS#2627)
Full_Name: Mark A. Fox
Submission from: (NULL) (184.108.40.206)
Authentication using GSS/SASL in which the distinguished name has some extra
information attached (ie. /C=CA/O=Blah/CN=John D. Doe, Emailfirstname.lastname@example.org)
causes slapd to crash.
I'm not sure that it's the ',' the '=', or even the '@', but a certificate with
the above DN definitely causes slapd to crash.
This is potentially a large vulnerability as it would be easy to use it for a