Family: Debian Local Security Checks --> Category: infos
[DSA068] DSA-068-1 openldap Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
The CERT advisory lists a number of vulnerabilities in various
LDAP implementations, based on the
results of the PROTOS LDAPv3 test suite. These tests found one
problem in OpenLDAP, a free LDAP implementation which is shipped
as part of Debian GNU/Linux 2.2.
The problem is that slapd did not handle packets which had
BER fields of invalid length and would crash if it received them.
A possible hacker could use this to mount a remote denial of service attack.
This problem has been fixed in version 1.2.12-1, and we recommend
that you upgrade your slapd package immediately.
Solution : http://www.debian.org/security/2001/dsa-068
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.