Re: (ITS#5580) BER Decoding Remote DoS Vulnerability



Howard Chu wrote:
> zdi-disclosures@tippingpoint.com wrote:
>> Full_Name: Cameron Hotchkies
>> Version: 2.3.41
>> OS: Gentoo Linux
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (66.179.208.36)
>>
>>
>> This vulnerability allows remote attackers to deny services on vulnerable
>> installations of OpenLDAP. Authentication is not required to exploit this
>> vulnerability.
>
> Thanks for the report, a fix is now in HEAD. Please test.

For future reference, it looks like this may have crept in in 2001, rev 
1.88/ITS#2465...

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/