 |
| Home Page |  |
Advice | |
Reports | |
Activities | |
CERT-FI:P.O. Box 313 Finnish Communications Regulatory Authority (FICORA):Itämerenkatu 3 A |
CERT-FI Advisory on OpenLDAP
DetailsTwo vulnerabilities have been found in OpenLDAP. The vulnerabilities allow an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified command to an affected server. Exploiting the vulnerabilities does not require an authenticated session with the server. CERT-FI coordinated the remediation effort of the vulnerability Vulnerability Coordination Information and AcknowledgementsCERT-FI has coordinated the release of these vulnerabilities between the vulnerability researchers and the affected vendors. The vulnerabilities were found by Ilkka Mattila and Tuomas Salomäki with the Codenomicon LDAPv3 test suite at the Codenomicon Crash Test Party. CERT-FI would like to thank the researchers and the OpenLDAP project for co-operation in the remediation efforts. Vendor Information
RemediationInstall either the latest version of OpenLDAP (http://www.openldap.org) or a fixed version of the software provided by your operating system or application vendor.References
Contact InformationCERT-FI Vulnerability Coordination can be contacted as follows:Email: vulncoord@ficora.fi Please quote the advisory reference [FICORA #383115] in the subject line Telephone: +358 9 6966 510 Monday - Friday 08:00 - 16:15 (EET: UTC+2) Fax : +358 9 6966 515 Post: Vulnerability Coordination FICORA/CERT-FI P.O. Box 313 FI-00181 Helsinki FINLAND CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at https://www.cert.fi/en/activities/contact/pgp-keys.html The CERT-FI vulnerability coordination policy can be viewed at https://www.cert.fi/en/activities/Vulncoord/vulncoord-policy.html. Revision History22 Jul 2010, 09:33 UTC: Published
|
|
