--On Wednesday, November 08, 2006 10:53 PM +0100 Stefan Fritsch
<[EMAIL PROTECTED]> wrote:
Can you supply actual details? This statement isn't very useful
without them.
Ups. Of course:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779
http://secunia.com/advisories/22750
Proof of concept exploit (not tested) is at
http://gleg.net/vulndisco_meta.shtml
I think upstream should handle this, I've already contacted the other OL
developers.
Of course, this guy is using CRAM-MD5, which isn't even a support SASL mech
for OpenLDAP, so it is an interesting bug...
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
