OpenLDAP slurpd statusfil buffer overflow - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

OpenLDAP slurpd statusfil buffer overflow

Secunia Advisory:	SA20126
Udsendt:	2006-05-19
Sidste Opdt.:	2006-06-08

Kritisk:	Mindre kritisk
Betydning:	DoS Systemadgang
Hvor:	Fra Internet
Løsning Status:	Producent Patch

Software:	OpenLDAP 2.1.x OpenLDAP 2.2.x OpenLDAP 2.3.x

CVE reference:	CVE-2006-2754 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Beskrivelse: Der er rapporteret en sårbarhed i OpenLDAP, som potentielt kan udnyttes af ondsindede personer til at kompromittere et sårbart system. Sårbarheden skyldes en ikke-kontrolleret buffer i slurpd under håndteringen af statusfilen. Dette kan udnyttes til at forårsage et stack-baseret buffer overflow ved hjælp af et langt hostnavn, der læses fra statusfilen. Sårbarheden er rapporteret i version 2.3.21, men tidligere versioner kan også være berørte. Løsning: Opdatér til version 2.3.22 eller senere. http://www.openldap.org/software/download/ Rapporteret af / Kredit: Rapporteret af producenten. Forløb: 07-06-2006: Tilføjede CVE-reference. 08-06-2006: Opdaterede advisory. Original Advisory: http://www.openldap.org/software/release/changes.html http://www.openldap.org/devel/cvsweb....;hideattic=1&sortbydate=0&f=h



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

6 Relaterede Secunia Advisories

1. OpenLDAP Denial of Service sårbarheder

2. OpenLDAP "krbv4_ldap_auth()" buffer overflow

3. OpenLDAP BIND Denial of Service sårbarhed

4. OpenLDAP slapd "selfwrite" sikkerhedsproblem

5. OpenLDAP / pam_ldap / nss_ldap afsløring af passwords

6. Conectiva update for OpenLDAP

Send Feedback to Secunia

Hvis du har ny information angående dette Secunia advisory eller et produkt i vores database, så send det venligst til os. Du kan sende det til os enten ved at bruge vores web formular eller ved at sende det til vuln@secunia.com. Ideer, foreslag og andet feedback er også meget velkommen.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

2.	Sun Solaris Kernel Covert Channel Security Bypass

3.	Blogn Cross-Site Scripting and Cross-Site Request Forgery

4.	Slackware update for amarok

5.	dotProject SQL Injection and Cross-Site Scripting

6.	Novell eDirectory Multiple Vulnerabilities

7.	Adium MSN SLP Message Integer Overflow Vulnerabilities

8.	Novell Forum TCL Command Injection Vulnerability

9.	Caudium "configvar" Insecure Temporary Files

10.	geo-* Insecure Temporary Files