oss-sec mailing list archives

Re: openldap DoS

From: Josh Bressers <bressers () redhat com>
Date: Tue, 01 Jul 2008 11:05:37 -0400

On 30 June 2008, Josh Bressers wrote:

On 30 June 2008, Ludwig Nussel wrote:

Hi,

Remote unauthenticated attackers can trigger an assertion in the ASN.1 BER
decoding of openlap and crash the server:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580


The patch is here it seems:
http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121&hideattic=1&sortbydate=0


So It seems from my testing, this flaw does not trigger the assertion on
OpenLDAP version 2.0.27, but does on at least 2.2.13.

As upstream suggested this was added in version 1.88 of the io.c file, that
would suggest this flaw should affect OpenLDAP versions after 2.1.20 (don't
quote me on this, as I'm not completely sure, it could affect a few older
versions around 2.1.20).

Thanks.

-- 
    JB

Current thread:

Re: openldap DoS Josh Bressers (Jul 01)
- <Possible follow-ups>
- Re: openldap DoS Steven M. Christey (Jul 01)
  - Re: openldap DoS Nico Golde (Jul 13)
- Re: openldap DoS Ludwig Nussel (Jul 01)