[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] openldap DoS
From: Josh Bressers <bressers () redhat ! com>
Date: 2008-06-30 17:19:22
Message-ID: 27027.1214846362 () devserv ! devel ! redhat ! com
[Download RAW message or body]
On 30 June 2008, Ludwig Nussel wrote:
> Hi,
>
> Remote unauthenticated attackers can trigger an assertion in the ASN.1 BER
> decoding of openlap and crash the server:
> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580
>
The patch is here it seems:
http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121&hideattic=1&sortbydate=0
I'm adding Steve Christey to the CC for a CVE id.
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic