Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 202691 - CVE-2006-1470 OpenLDAP Denial of Service
CVE-2006-1470 OpenLDAP Denial of Service
Product: Fedora
Classification: Fedora
Component: openldap (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: Jay Fenlason
: Security
Depends On:
  Show dependency treegraph
Reported: 2006-08-15 16:39 EDT by Mark J. Cox
Modified: 2014-08-31 19:28 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-09-12 13:03:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox 2006-08-15 16:39:34 EDT
Needed for FC6

+++ This bug was initially created as a clone of Bug #197278 +++

OpenLDAP Denial of Service

A denial of service bug was found in the way OpenLDAP processes
certain messages.  It is possible for an unauthenticated remote
attacker to crash the OpenLDAP slapd server.

The original advisories are here:


This issue also affects FC4

-- Additional comment from mjc@redhat.com on 2006-08-15 10:39 EST --

Mu Security reported a denial-of-service vulnerability in Mac OS X's
OpenLDAP slapd.  The issue was caused by assertions in the message
processing code--- some "default:" labels were handled with "assert()".
This is the kind of thing:

   1087         case LDAP_REQ_EXTENDED:
   1088                 INCR_OP(num_ops_initiated_, SLAP_OP_EXTENDED);
   1089                 rc = do_extended( op, &rs );
   1090                 break;
   1092         default:
   1093                 /* not reachable */
   1094                 assert( 0 );
   1095         }
   1097 operations_error:

Affected versions include at least 2.2.19 and 2.3.24.
Comment 2 Jay Fenlason 2006-09-12 13:03:10 EDT
The code in FC6 is not vulnerable to this issue. 

Note You need to log in before you can comment on or make changes to this bug.