Needed for FC6

+++ This bug was initially created as a clone of Bug #197278 +++

OpenLDAP Denial of Service

A denial of service bug was found in the way OpenLDAP processes certain messages. It is possible for an unauthenticated remote attacker to crash the OpenLDAP slapd server.

The original advisories are here:
http://labs.musecurity.com/advisories/MU-200606-02.txt
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html

This issue also affects FC4

-- Additional comment from mjc on 2006-08-15 10:39 EST --

Mu Security reported a denial-of-service vulnerability in Mac OS X's OpenLDAP slapd. The issue was caused by assertions in the message processing code -- some "default:" labels were handled with "assert()".

This is the kind of thing:

servers/slapd/connection.c

        case LDAP_REQ_EXTENDED:
            INCR_OP(num_ops_initiated_, SLAP_OP_EXTENDED);
            rc = do_extended( op, &rs );
            break;

        default:
            /* not reachable */
            assert( 0 );
        }

    operations_error:

Affected versions include at least 2.2.19 and 2.3.24.
The code in FC6 is not vulnerable to this issue.
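
Added example, not part of the original report and not OpenLDAP code: a reduced dispatcher showing the pattern quoted above (an assert() on a "default:" label for a value read from the network) next to a form that returns a protocol error instead. The function names, the enum names and the 0x7f tag are assumptions made for this sketch; the handlers are stand-ins.

```c
#include <assert.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* LDAP protocol-op tags and result codes (subset); names are this example's. */
enum { REQ_UNBIND = 0x42, REQ_BIND = 0x60, REQ_SEARCH = 0x63, REQ_EXTENDED = 0x77 };
enum { RC_SUCCESS = 0x00, RC_PROTOCOL_ERROR = 0x02 };

/* Reported pattern: the tag comes off the wire, yet default: is "unreachable". */
static int dispatch_assert(unsigned long tag) {
    switch (tag) {
    case REQ_BIND: case REQ_UNBIND: case REQ_SEARCH: case REQ_EXTENDED:
        return RC_SUCCESS;   /* stand-in for the real do_*() handlers */
    default:
        assert(0);           /* an unknown tag aborts the whole process */
    }
    return RC_SUCCESS;       /* NDEBUG builds: unknown tag silently accepted */
}

/* Hardened form: an unknown tag is bad input, answered with an error code. */
static int dispatch_checked(unsigned long tag) {
    switch (tag) {
    case REQ_BIND: case REQ_UNBIND: case REQ_SEARCH: case REQ_EXTENDED:
        return RC_SUCCESS;
    default:
        return RC_PROTOCOL_ERROR;
    }
}

/* Run a dispatcher in a child; 1 if the child died from SIGABRT, else 0. */
static int aborts_on(int (*dispatch)(unsigned long), unsigned long tag) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(STDERR_FILENO);    /* hide the assertion message */
        dispatch(tag);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void) {
    unsigned long bad = 0x7f;    /* constructed: not a defined request tag */
    printf("aborted=%d rc=%d\n", aborts_on(dispatch_assert, bad), dispatch_checked(bad));
    return 0;
}
```

Compiling with NDEBUG removes the abort but leaves the unknown tag unhandled, so the explicit error return is the fix rather than disabling assertions.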