Secunia
Login
|
|
CVE Reference: CVE-2012-3429 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2012-3429 |
|
|
Description: The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/77391 ST 1027341 SAID Secunia Advisory: SA50086 Secunia Advisory: SA50159 REDHAT http://rhn.redhat.com/errata/RHSA-2012-1139.html MLIST http://www.openwall.com/lists/oss-security/2012/08/02/5 MISC CONFIRM http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006 BID 54787 |
|
| Return to the previous page. |
