[Date Prev][Date Next]
Crashing the server via GSS/SASL (ITS#2627)
Full_Name: Mark A. Fox
Submission from: (NULL) (22.214.171.124)
Authentication using GSS/SASL in which the distinguished name has some extra
information attached (ie. /C=CA/O=Blah/CN=John D. Doe, Emailemail@example.com)
causes slapd to crash.
I'm not sure that it's the ',' the '=', or even the '@', but a certificate with
the above DN definitely causes slapd to crash.
This is potentially a large vulnerability as it would be easy to use it for a