389 Directory Server LDAP Control Data Handling Denial

by Carol~ Moderator - 3/12/13 11:33 AM

In Reply to: VULNERABILITIES / FIXES - March 12, 2013 by Carol~ Moderator

389 Directory Server LDAP Control Data Handling Denial of Service Vulnerability

Release Date : 2013-03-12

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Software: 389 Directory Server (formerly known as Fedora Directory Server) 1.x

A vulnerability has been reported in 389 Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling LDAP control data, which can be exploited to crash the server by sending a specially crafted LDAP control sequence.

The vulnerability is reported in versions prior to

Update to version

Provided and/or discovered by:
The vendor credits Thierry Bordaz, Red Hat.

Original Advisory: