--On Friday, November 10, 2006 10:35 AM +0000 Roman Gaufman <[EMAIL PROTECTED]> wrote:
> Package: slapd
> Version: 2.2.23-8
>
> Penetration testing in the company of slapd installed on an up-to-date debian sarge showed that admins were able to make openldap crash using an exploit discovered years ago,
>
> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740
> http://secunia.com/advisories/22750/
>
> Please let me know if you need any more details

I hardly think a DoS attack discovered two days ago qualifies as "an exploit discovered years ago".
Also, in your follow-up email, you are confusing two different issue reports -- 17446, and 20939. 17446 refers to a problem in Cyrus-SASL, not OpenLDAP.
--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html