OpenLDAP: Denial of Service vulnerability — GLSA 200611-25

A flaw in OpenLDAP allows remote unauthenticated attackers to cause a Denial of Service.

Affected packages

net-nds/openldap on all architectures
Affected versions < 2.3.27-r3
Unaffected versions >= 2.3.27-r3
revision >= 2.2.28-r5
revision >= 2.1.30-r8

Background

OpenLDAP is a suite of LDAP-related applications and development tools.

Description

Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This will trigger an assert in the libldap code.

Impact

By sending a BIND request with a specially crafted authcid parameter to an OpenLDAP service, a remote attacker can cause the service to crash.

Workaround

There is no known workaround at this time.

Resolution

All OpenLDAP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "net-nds/openldap"

References

Release date
November 28, 2006

Latest revision
November 28, 2006: 01

Severity
normal

Exploitable
remote

Bugzilla entries