Debian Security Advisory 1650-1 - Cameron Hotchkies discovered that the OpenLDAP server slapd, a free implementation of the Lightweight Directory Access Protocol, could be crashed by sending malformed ASN1 requests.
568dc8be8cc1ad6289e36e477c026cb537c04822f9e55859a972226ebfb46ac3A vulnerability allows remote attackers to deny services on vulnerable installations of OpenLDAP. Authentication is not required to exploit this vulnerability. The specific flaw exists in the decoding of ASN.1 BER network datagrams. When the size of a BerElement is specified incorrectly, the application will trigger an assert(), leading to abnormal program termination.
826dd8760f58a7442033869b73442fa313eff4808ff2cf50406dfb60620980f0Gentoo Linux Security Advisory GLSA 200808-09 - Cameron Hotchkies discovered an error within the parsing of ASN.1 BER encoded packets in the ber_get_next() function in libraries/liblber/io.c. Versions less than 2.3.43 are affected.
1f4168b40dfa4fef8ab399ecfb21e6e13e842ce6e17a8cebff30ea1fab76bfe7Ubuntu Security Notice 634-1 - Cameron Hotchkies discovered that OpenLDAP did not correctly handle certain ASN.1 BER data. A remote attacker could send a specially crafted packet and crash slapd, leading to a denial of service.
df29216b8146c701d7c35711d301368373094eeac7abc92664a2def7a9a4cd3fMandriva Linux Security Advisory - A denial of service vulnerability was discovered in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. The updated packages have been patched to correct this issue.
0086e0b69ef62cdf3040c7dbe542813ee38fad87afd143e3d4de43d040215a78
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed