Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

2006-11-08 Thread Stefan Fritsch
Package: slapd Severity: grave Tags: security Justification: user security hole A vulnerability has been found in openldap: Evgeny Legerov has reported a vulnerability in OpenLDAP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to

Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

2006-11-08 Thread Quanah Gibson-Mount
--On Wednesday, November 08, 2006 10:53 PM +0100 Stefan Fritsch [EMAIL PROTECTED] wrote: Can you supply actual details? This statement isn't very useful without them. Ups. Of course: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779 http://secunia.com/advisories/22750 Proof of

Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

2006-11-08 Thread Quanah Gibson-Mount
--On Wednesday, November 08, 2006 9:40 PM +0100 Stefan Fritsch [EMAIL PROTECTED] wrote: Package: slapd Severity: grave Tags: security Justification: user security hole A vulnerability has been found in openldap: Evgeny Legerov has reported a vulnerability in OpenLDAP, which can be

Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

2006-11-08 Thread Stefan Fritsch
Can you supply actual details? This statement isn't very useful without them. Ups. Of course: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779 http://secunia.com/advisories/22750 Proof of concept exploit (not tested) is at http://gleg.net/vulndisco_meta.shtml

Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

2006-11-08 Thread Quanah Gibson-Mount
--On Wednesday, November 08, 2006 1:56 PM -0800 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: --On Wednesday, November 08, 2006 10:53 PM +0100 Stefan Fritsch [EMAIL PROTECTED] wrote: Can you supply actual details? This statement isn't very useful without them. Ups. Of course:

Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

2006-11-08 Thread Quanah Gibson-Mount
--On Wednesday, November 08, 2006 3:02 PM -0800 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: Upstream patch available at: http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c getdn.c 1.124.2.4 - 1.124.2.5 Just to note, this bug can be brute-forced via any existing SASL

Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

2006-11-08 Thread Quanah Gibson-Mount
--On Wednesday, November 08, 2006 3:45 PM -0800 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: --On Wednesday, November 08, 2006 3:02 PM -0800 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: Upstream patch available at: http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c

Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability

2006-11-08 Thread Matthijs Mohlmann
Quanah Gibson-Mount wrote: --On Wednesday, November 08, 2006 3:45 PM -0800 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: --On Wednesday, November 08, 2006 3:02 PM -0800 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: Upstream patch available at: