oss-sec mailing list archives
Re: openldap DoS
From: Josh Bressers <bressers () redhat com>
Date: Mon, 30 Jun 2008 13:19:22 -0400
On 30 June 2008, Ludwig Nussel wrote:
Hi, Remote unauthenticated attackers can trigger an assertion in the ASN.1 BER decoding of openlap and crash the server: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580
The patch is here it seems: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121&hideattic=1&sortbydate=0 I'm adding Steve Christey to the CC for a CVE id. Thanks. -- JB
Current thread:
- openldap DoS Ludwig Nussel (Jun 30)
- Re: openldap DoS Josh Bressers (Jun 30)