Main Vulnerability Database SB2012081516

SB2012081516 - Buffer overflow in openldap (Alpine package)

Published: August 15, 2012

Security Bulletin ID SB2012081516

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2012-1164)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=a751b31bde3368f8b18be9b55a3445ffc0d191d3
https://git.alpinelinux.org/aports/commit/?id=2a4f6280e5cf666200003553bcb3240ef215c5ab
https://git.alpinelinux.org/aports/commit/?id=2216b84b681a71649cf6ac5ff6bde6ba8117541d