Bug 202691 - CVE-2006-1470 OpenLDAP Denial of Service
Summary: CVE-2006-1470 OpenLDAP Denial of Service
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openldap
Version: 6
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jay Fenlason
QA Contact:
URL:
Whiteboard: source=cve,reported=20060627,impact=i...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-08-15 20:39 UTC by Mark J. Cox
Modified: 2014-08-31 23:28 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-09-12 17:03:10 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Mark J. Cox 2006-08-15 20:39:34 UTC
Needed for FC6

+++ This bug was initially created as a clone of Bug #197278 +++

OpenLDAP Denial of Service

A denial of service bug was found in the way OpenLDAP processes
certain messages.  It is possible for an unauthenticated remote
attacker to crash the OpenLDAP slapd server.

The original advisories are here:

http://labs.musecurity.com/advisories/MU-200606-02.txt
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html

This issue also affects FC4

-- Additional comment from mjc on 2006-08-15 10:39 EST --

Mu Security reported a denial-of-service vulnerability in Mac OS X's
OpenLDAP slapd.  The issue was caused by assertions in the message
processing code--- some "default:" labels were handled with "assert()".
This is the kind of thing:

servers/slapd/connection.c
   1087         case LDAP_REQ_EXTENDED:
   1088                 INCR_OP(num_ops_initiated_, SLAP_OP_EXTENDED);
   1089                 rc = do_extended( op, &rs );
   1090                 break;
   1091
   1092         default:
   1093                 /* not reachable */
   1094                 assert( 0 );
   1095         }
   1096
   1097 operations_error:


Affected versions include at least 2.2.19 and 2.3.24.

Comment 2 Jay Fenlason 2006-09-12 17:03:10 UTC
The code in FC6 is not vulnerable to this issue. 


Note You need to log in before you can comment on or make changes to this bug.