Holger Levsen wrote: > On Saturday 16 September 2006 08:50, Martin Schulze wrote: > > The first one doesn't look like a real security problem. > > Please explain why you think that putting arbitrary long strings into fixed > sized buffers is not a security problem, preferedly in the bugreport.
Please explain how an attacker can exploit this and force slapd to put arbitrary long strings into fixed sized buffers. Precondition: Requiring either root permissions or LDAP admin permissions don't count. Regards, Joey -- Have you ever noticed that "General Public Licence" contains the word "Pub"? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]