389 Directory Server LDAP Control Data Handling Denial

by Carol~ Moderator - 3/12/13 11:33 AM

In Reply to: VULNERABILITIES / FIXES - March 12, 2013 by Carol~ Moderator

389 Directory Server LDAP Control Data Handling Denial of Service Vulnerability

Release Date: 2013-03-12

Criticality level: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch

Software: 389 Directory Server (formerly known as Fedora Directory Server) 1.x

Description:
A vulnerability has been reported in 389 Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error when handling LDAP control data, which can be exploited to crash the server by sending a specially crafted LDAP control sequence.

The vulnerability is reported in versions prior to 1.3.0.4.

Solution:
Update to version 1.3.0.4.

Provided and/or discovered by:
The vendor credits Thierry Bordaz, Red Hat.

Original Advisory:
https://fedorahosted.org/389/ticket/571
https://bugzilla.redhat.com/show_bug.cgi?id=912964

http://secunia.com/advisories/52279/