----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/

----------------------------------------------------------------------

TITLE:
OpenLDAP ASN.1 BER Decoding Denial of Service

SECUNIA ADVISORY ID:
SA30853

VERIFY ADVISORY:
http://secunia.com/advisories/30853/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
>From local network

SOFTWARE:
OpenLDAP 2.3.x
http://secunia.com/product/5943/

DESCRIPTION:
A vulnerability has been reported in OpenLDAP, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the
"ber_get_next()" function in libraries/liblber/io.c. This can be
exploited to trigger an "assert()" and terminate the "slapd" process
via a specially crafted ASN.1 BER encoded packet.

The vulnerability is reported in version 2.3.41. Other versions may
also be affected.

SOLUTION:
Use OpenLDAP in trusted networks only.

Fixed in the CVS repository.
http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121

PROVIDED AND/OR DISCOVERED BY:
Reported by Cameron Hotchkies in an OpenLDAP bug report.

ORIGINAL ADVISORY:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------