Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Sun Directory Server 7.0 core_get_proxyauth_dn DoS

From: Evgeny Legerov <admin () intevydis com>
Date: Mon, 11 Jan 2010 01:31:52 +0300
Hello,

It is a simple null pointer dereference which can be used to crash ns-slapd.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb1b47b90 (LWP 10233)]
0xb80098c4 in core_get_proxyauth_dn () from /opt/sun/dsee7/lib/libslapd.so
(gdb) bt
#0  0xb80098c4 in core_get_proxyauth_dn () from /opt/sun/dsee7/lib/libslapd.so
(gdb) x/i $eip
0xb80098c4 :    cmpb   $0x4,(%eax)
(gdb) i r eax
eax            0x0      0
(gdb) 

More info and proof of concept code on our blog - http://www.intevydis.com/blog/?p=124

Regards,
-evgeny


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: