Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

Matthijs Mohlmann Wed, 08 Nov 2006 23:50:12 -0800

Quanah Gibson-Mount wrote:

--On Wednesday, November 08, 2006 3:45 PM -0800 Quanah Gibson-Mount<[EMAIL PROTECTED]> wrote:



--On Wednesday, November 08, 2006 3:02 PM -0800 Quanah Gibson-Mount
<[EMAIL PROTECTED]> wrote:

Upstream patch available at:

<http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c>

getdn.c  1.124.2.4 -> 1.124.2.5


Just to note, this bug can be brute-forced via any existing SASL mech, if
certain conditions are met.  I won't post what those conditions are. :P
So this is probably a fairly important patch to get put in place.


Debian should also pick up the following commit:

<http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/connection.c>
connection.c  1.296.2.17 -> 1.296.2.18

--Quanah


Hi,

I'll pick it up this evening.

Regards,

Matthijs Mohlmann



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

Reply via email to