oss-sec mailing list archives

Re: openldap DoS


From: Josh Bressers <bressers () redhat com>
Date: Mon, 30 Jun 2008 13:19:22 -0400

On 30 June 2008, Ludwig Nussel wrote:
Hi,

Remote unauthenticated attackers can trigger an assertion in the ASN.1 BER
decoding of openldap and crash the server:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580


The patch is here it seems:
http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121&hideattic=1&sortbydate=0

I'm adding Steve Christey to the CC for a CVE id.

Thanks.

-- 
    JB

