Bug 197278

Summary: CVE-2006-1470 OpenLDAP Denial of Service
Product: [Fedora] Fedora
Reporter: Josh Bressers <bressers>
Component: openldap
Assignee: Jan Safranek <jsafrane>
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: medium
Version: 5
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: source=cve,reported=20060627,impact=important,public=20060627
Fixed In Version: openldap-2.3.30-2.fc5
Doc Type: Bug Fix
Last Closed: 2007-05-18 08:08:59 UTC

Description Josh Bressers 2006-06-29 20:19:44 UTC
OpenLDAP Denial of Service

A denial of service bug was found in the way OpenLDAP processes
certain messages.  It is possible for an unauthenticated remote
attacker to crash the OpenLDAP slapd server.

The original advisories are here:

http://labs.musecurity.com/advisories/MU-200606-02.txt
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html

This issue also affects FC4.

Comment 2 Fedora Update System 2007-04-27 05:51:14 UTC
openldap-2.3.30-2.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 3 Fedora Update System 2007-05-14 17:17:14 UTC
openldap-2.3.30-2.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.