bind-dyndb-ldap is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the handle_connection_error
function in ldap_helper.c does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service through a non-alphabet character in the base DN in an LDAP search DNS query.
CPE | Name | Operator | Version |
---|---|---|---|
bind-dyndb-ldap | eq | 0.1.0__0.9.b.el6 | |
bind-dyndb-ldap | eq | 0.2.0__1.el6 |
rhn.redhat.com/errata/RHSA-2012-0683.html
secunia.com/advisories/48901
www.openwall.com/lists/oss-security/2012/04/24/15
www.osvdb.org/81619
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=815846
git.fedorahosted.org/cgit/bind-dyndb-ldap.git/tree/NEWS
rhn.redhat.com/errata/RHSA-2012-0683.html
www.redhat.com/archives/freeipa-users/2012-April/msg00144.html