Secunia Security Advisory - A vulnerability has been reported in OpenLDAP, which can be exploited by malicious people to cause a DoS (Denial of Service).
336654e89b6e66c1b70e04a0b4077fa51beef71ab7e2ad13699468d731f29359
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
OpenLDAP ASN.1 BER Decoding Denial of Service
SECUNIA ADVISORY ID:
SA30853
VERIFY ADVISORY:
http://secunia.com/advisories/30853/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
SOFTWARE:
OpenLDAP 2.3.x
http://secunia.com/product/5943/
DESCRIPTION:
A vulnerability has been reported in OpenLDAP, which can be exploited
by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the
"ber_get_next()" function in libraries/liblber/io.c. This can be
exploited to trigger an "assert()" and terminate the "slapd" process
via a specially crafted ASN.1 BER encoded packet.
The vulnerability is reported in version 2.3.41. Other versions may
also be affected.
SOLUTION:
Use OpenLDAP in trusted networks only.
Fixed in the CVS repository.
http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121
PROVIDED AND/OR DISCOVERED BY:
Reported by Cameron Hotchkies in an OpenLDAP bug report.
ORIGINAL ADVISORY:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------