OpenLDAP is a suite of LDAP-related applications and development tools.
Evgeny Legerov has discovered that when an incoming authcid longer than 255 characters is truncated and its 255th character is a space, the name length is computed improperly. This triggers an assert in the libldap code.
By sending a BIND request with a specially crafted authcid parameter to an OpenLDAP service, a remote attacker can cause the service to crash.
There is no known workaround at this time.
All OpenLDAP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose "net-nds/openldap"