
Debian 2.2 DSA-068-1 Critical: OpenLDAP Remote DoS Threat

August 9, 2001
Security alert for Debian's openldap package: insufficient packet handling in slapd allows a remote denial of service. Timely patching is essential.
slapd does not handle packets with invalid BER length fields and will crash if it receives them.

Summary

Package : openldap
Problem type : remote DoS
Debian-specific: no

CERT released their advisory CA-2001-18, which lists a number of
vulnerabilities in various LDAP implementations, based on the
results of the PROTOS LDAPv3 test suite. These tests found one
problem in OpenLDAP, a free LDAP implementation that is shipped
as part of Debian GNU/Linux 2.2.

The problem is that slapd did not handle packets with invalid
BER length fields and would crash if it received them.
An attacker can use this to mount a denial of service attack
remotely.
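
The failure class described above, shown as an added example (not OpenLDAP's code and not the actual fix in 1.2.11-1): a BER length decoder that checks each length field against the bytes actually received before trusting it. The name ber_len_checked and its result codes are hypothetical, and the decoder assumes LDAP's definite-length encoding only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not OpenLDAP code. Result codes for ber_len_checked(). */
enum { BER_OK = 0, BER_TRUNCATED = -1, BER_UNSUPPORTED = -2, BER_OVERRUN = -3 };

/*
 * Decode a definite-form BER length starting at buf[0].
 * avail = bytes left in the received packet; *len = content length;
 * *hdr = number of octets the length field itself occupied.
 */
int ber_len_checked(const uint8_t *buf, size_t avail, size_t *len, size_t *hdr)
{
    if (avail < 1)
        return BER_TRUNCATED;

    uint8_t first = buf[0];
    size_t n = 1, value = 0;

    if (first & 0x80) {
        size_t count = first & 0x7f;
        /* 0x80 = indefinite form (not used by LDAP), 0xff = reserved */
        if (count == 0 || first == 0xff || count > sizeof(size_t))
            return BER_UNSUPPORTED;
        if (count > avail - 1)
            return BER_TRUNCATED;          /* length octets run past packet */
        for (size_t i = 0; i < count; i++)
            value = (value << 8) | buf[1 + i];
        n += count;
    } else {
        value = first;                     /* short form: 0..127 */
    }
    if (value > avail - n)
        return BER_OVERRUN;                /* claims more content than received */
    *len = value;
    *hdr = n;
    return BER_OK;
}

int main(void)
{
    /* Constructed sample: long-form length claiming 0x7fffffff bytes, 2 present */
    const uint8_t bad[] = { 0x84, 0x7f, 0xff, 0xff, 0xff, 0x01, 0x02 };
    size_t len, hdr;
    printf("%d\n", ber_len_checked(bad, sizeof bad, &len, &hdr));
    return 0;
}
```

A caller that gets anything other than BER_OK should drop the packet and close the connection rather than continue parsing.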

This problem has been fixed in version 1.2.11-1, and we recommend
that you upgrade your slapd package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

MD5 checksum: b504c90a83025dc6a916187ddabf792a

MD5 checksum...


Severity
critical
