Bug 154350 - net-nds/openldap - BIND Denial of Service Vulnerability
Status: RESOLVED DUPLICATE of bug 154349
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Other
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/22750/
Reported: 2006-11-07 04:54 UTC by Aarni Honka
Modified: 2006-11-07 06:29 UTC
Description Aarni Honka 2006-11-07 04:54:14 UTC
TITLE:
OpenLDAP BIND Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA22750

VERIFY ADVISORY:
http://secunia.com/advisories/22750/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
OpenLDAP 2.2.x
http://secunia.com/product/5319/
OpenLDAP 2.1.x
http://secunia.com/product/1831/

DESCRIPTION:
Evgeny Legerov has reported a vulnerability in OpenLDAP, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing certain
BIND requests. This can be exploited to cause a crash by sending
specially crafted BIND requests to an OpenLDAP server.

The vulnerability is reported in OpenLDAP version 2.2.29. Other
versions may also be affected.

SOLUTION:
Restrict access to trusted people only.

PROVIDED AND/OR DISCOVERED BY:
Evgeny Legerov
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-11-07 06:29:51 UTC

*** This bug has been marked as a duplicate of 154349 ***